

YAML importer for Encrypted Data



Version information

  • 0.0.1 (latest)
released May 1st 2015
This version is compatible with:
  • Puppet Enterprise >=3.4.3
  • Puppet >=3.4.3

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

```
mod 'hajee-connect_encrypted', '0.0.1'
```

Add this module to your Bolt project:

```
bolt module add hajee-connect_encrypted
```

Manually install this module globally with Puppet module tool:

```
puppet module install hajee-connect_encrypted --version 0.0.1
```

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



hajee/connect_encrypted — version 0.0.1 May 1st 2015


####Table of Contents

  1. Overview
  2. Module Description - What YAML importer for Connect does and why it is useful
  3. Setup - The basics of getting started with the YAML importer for Connect
  4. Usage - Configuration options and additional functionality
  5. Troubleshooting
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module


##Overview

Connect is a replacement for YAML in Hiera when using Puppet. Connect allows you to assign, manipulate and reference data. It also allows you to import data items from external sources. The code that imports this data is called a datasource.

##Module Description

This module contains the data source for reading encrypted data into Connect. This can be useful, for example, in the following use cases:

  • Storing passwords or ssh private keys in your Connect files
  • Storing privacy-sensitive information in your Connect files

By storing the decryption password in another (offline) source, you can be certain that the Connect files stored in a git repository are not readable by unauthorized persons.


Here is an example of reading encrypted data in your Connect file.

```
import from encryped("${password}") into passwords:: do
  ftp_password        = 4tXI3V4yU3+E0b8MB4Td2A==|RGh76OTpA0wQ9pK1bCuCkA==
  satellite_password  = OUMkw35FgJs5eK51BvBvAw==|ixoQf091i/wGKEWjZJAd9g==
  download_password   = Pv/AZPVyUTVAXZzwTDBlvg==|wLb96I7c6iBN2nIcp62zPA==
  secret_stuff        = j2S3BHEeRqLnCJV8MaVQ3A==|r1UcBZgiatyMh62CWxjCRg==
```

In this example, we decrypt our data using the password set in the variable password. The values are then put into the Connect variables passwords::ftp_password, passwords::satellite_password, passwords::download_password and passwords::secret_stuff.


###Installing the module

To use the YAML datasource module, you first have to make sure it is installed.

```
puppet module install hajee/connect_encrypted
```

If you are using a Puppetfile, you need the following line:

```
mod 'hajee-connect_encrypted'
```

No additional actions are required. Connect searches for available data sources when starting, so once this data source is installed, it is usable immediately.

###What connect_encrypted affects

connect_encrypted affects no modules other than Connect.

###Setup Requirements

A requirement for connect_encrypted is the Connect module. This requirement is specified in the module metadata, so you don't have to manage it yourself.

###Beginning with connect YAML module


##Usage

To create an encrypted file, create a normal Connect file with the values you want to encrypt:

```
a = 10
b = 'This is secret'
```

Then get the encrypted output by using the following command:

```
$ puppet connect encrypt data.connect --password thisneedsalongpassword
```

This creates the following output:

```
password = 'Hallodaarditiseenpassword'
import from encryped("${@password}") do
  a = 8uIcgM340JOHt2u6HHzkOw==|0JMomNWYFu9z/+o9XBsKBg==
  b = X7hv99N710533t7oO3zEyA==|nA5eKFnx92QS0cenPEcIjA==
```

You can redirect this output to the file in which you want to use it.

Check the Connect Language in a Nutshell for a fuller introduction to the language.
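A pre-commit style check for Connect files that use this data source, as an added example (not part of the module or its README). It flags values inside an encrypted import block that do not have the `base64|base64` shape shown above, and password-like literals assigned outside such a block. The helper names, the name heuristic and the rule for where a block ends are assumptions made for this sketch.

```ruby
require 'base64'

# Constructed sample modelled on the output above; line 4 is deliberately left in plaintext.
SAMPLE = <<~'CONNECT'
  password = 'Hallodaarditiseenpassword'
  import from encryped("${@password}") do
    a = 8uIcgM340JOHt2u6HHzkOw==|0JMomNWYFu9z/+o9XBsKBg==
    b = 'This is secret'
CONNECT

# Matches the import line; the page spells the data source "encryped".
IMPORT_LINE = /\Aimport\s+from\s+encry\w*\(/
ASSIGNMENT  = /\A([\w:]+)\s*=\s*(.+)\z/
SECRET_NAME = /pass|secret|key/i # hypothetical heuristic for secret-like names

def base64_field?(text)
  !text.empty? && !Base64.strict_decode64(text).empty?
rescue ArgumentError
  false
end

# True when the value has the shape shown on this page: base64 "|" base64.
def encrypted_value?(value)
  fields = value.split('|', -1)
  fields.size == 2 && fields.all? { |f| base64_field?(f) }
end

# Returns [line_number, name, problem] for every assignment that would leak a secret.
def lint_connect(text)
  findings = []
  in_block = false
  text.each_line.with_index(1) do |line, number|
    stripped = line.strip
    if stripped.match?(IMPORT_LINE)
      in_block = true
      next
    end
    # Assumption: a block ends at "end" or at the next unindented line.
    in_block = false if stripped == 'end' || line !~ /\A\s/
    name, value = stripped.match(ASSIGNMENT)&.captures
    next unless name
    if in_block
      findings << [number, name, :plaintext_in_encrypted_block] unless encrypted_value?(value)
    elsif name.match?(SECRET_NAME) && value.match?(/\A['"].*['"]\z/)
      findings << [number, name, :literal_secret_outside_block]
    end
  end
  findings
end
```

Run over `SAMPLE`, `lint_connect` reports the literal `password` on line 1 and the unencrypted `b` on line 4; a file that keeps the password elsewhere and contains only encrypted values returns an empty list.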


##Troubleshooting

Use Puppet's --debug option to see what is happening.


##Limitations

This module is tested on CentOS and Red Hat. It will probably work on other Linux distributions.


##Development

This is an open source project, and contributions are welcome.

###OS support

Currently we have tested:

  • CentOS 5
  • Red Hat 5


Make sure you have:

  • rake
  • bundler

Install the necessary gems:

```
bundle install
```

And run the tests from the root of the source code:

```
rake spec
```

We are currently working on getting the acceptance tests running as well.