It is going to encrypt and decrypt a plain_text
Fabio Santos B. da Silva

Fabio Santos B. da Silva



4,449 latest version

3.8 quality score

Version information

  • 0.1.0 (latest)
released Jul 3rd 2019

Start using this module


fsbsilva/secret — version 0.1.0 Jul 3rd 2019

Secret for Puppet face and puppet_x

Table of Contents

  1. Description
  2. Setup - The basics of getting started with secret
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module


It is a simple module to decrypt and encrypt a plain_text in order to be re-used within many custom function modules. It will be an addon for your solution.

If you are developing a solution to install a software that needs to have a secret information, you can create a function where it can read a particular facter, hiera or file that contains a secret_key in order to protect that information.


Beginning with secret

$ sudo puppet module install fsbsilva-secret


In order to perform subcommand secret, we implement 3 actions :

1 ) encrypt That action is going to use a default secret_key and iv, whether you do not have one.

Example: puppet secret ecrypt "password123"


puppet secret encrypt --secretkey '41254157g5o9s7h8m3e612awpmon!5jk' --iv_base 'nxWo3eFMpPxxY+sbade4eg==' password123

2 ) decrypt That action is going to use a default secret_key and iv whether you do not have one.

Example: puppet secret decrypt 't5LmQf9tEKCqVR0AkqNWGw=='


puppet secret decrypt --secretkey '41254157g5o9s7h8m3e612awpmon!5jk' --iv_base 'nxWo3eFMpPxxY+sbade4eg==' 't5LmQf9tEKCqVR0AkqNWGw=='

3 ) random_iv That action is going to generate a iv_base64 if you do not have one.

Example: puppet secret random_iv


There are many ways to store a secret_key and iv_base64. You can use the default values from this module or you can store this in a hiera, facter or even into a file. It is up to you!

Basically, you need create your lib/puppet/function like this:

require 'puppet_x/secret/encrypt'

Puppet::Functions.create_function(:decrypt_password) do
  dispatch :check_for_process do
    param 'String', :encrypted_passwd
    param 'String', :secretkey
    param 'String', :iv_base64

  def check_for_process(encrypted_passwd, secretkey, iv_base64)
    puts PuppetX::Secret::Encrypt.decrypt(encrypted_passwd, secretkey, iv_base64)