Version information

  • 1.0.2 (latest)
  • 1.0.1
  • 1.0.0
released Nov 28th 2012

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

    mod 'mthibaut-mutual_trust', '1.0.2'

Add this module to your Bolt project:

    bolt module add mthibaut-mutual_trust

Manually install this module globally with Puppet module tool:

    puppet module install mthibaut-mutual_trust --version 1.0.2

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



mthibaut/mutual_trust — version 1.0.2 Nov 28th 2012

# Class: mutual_trust

Provides a defined type named "mutual_trust::ssh" which enables mutual trust between users on different systems.

Every use of mutual_trust::ssh with a given tag establishes trust with every other use of mutual_trust::ssh that has the same tag!

For this module to work, you must enable storeconfigs on the puppetmaster server. For instance, you can put this in /etc/puppet/puppet.conf:

    storeconfigs = true


  • tag

Optional (defaults to $name).

The tag used to collect resources. All nodes declared with the same tag will trust each other.

  • user

Optional (defaults to root).

The user for whom to collect public ssh keys.

  • homedir

Optional (defaults to a guess such as /root or /home/$user).

The home directory for the user. This is only used to guess the sshdir parameter.

  • sshdir

Optional (defaults to $homedir/.ssh).

The ssh directory containing the authorized_keys file.


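    include mutual_trust

    # foo joins the "web" trust group as root (the default user).
    node /foo/ {
        mutual_trust::ssh { "web": }
    }
    # bar joins both groups as root, so it bridges "web" and "db".
    node /bar/ {
        mutual_trust::ssh { "web": }
        mutual_trust::ssh { "db": }
    }
    # baz joins the "db" trust group as the oracle user.
    node /baz/ {
        mutual_trust::ssh { "db":
            user => 'oracle',
        }
    }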

As a result, root@foo and root@bar will be able to log in to each other.

root@bar can also log in to oracle@baz and vice versa.

oracle@baz cannot log in directly to root@foo, but can still reach it by first logging in to root@bar.
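
Because a node that carries two tags bridges both groups, it is worth checking the effective reach of each account before assigning tags. The Ruby script below is an added example, not part of this module: it models each mutual_trust::ssh declaration as a constructed (node, user, tag) triple and reports which peers an account trusts directly and which it can reach only through an intermediate login. It assumes that sharing a tag means mutual key trust, as described above, and that whoever controls an account can use its private key.

```ruby
require 'set'

# Constructed declarations mirroring the usage example: [node, user, tag].
DECLARATIONS = [
  ['foo', 'root',   'web'],
  ['bar', 'root',   'web'],
  ['bar', 'root',   'db'],
  ['baz', 'oracle', 'db'],
].freeze

# Direct trust: accounts that share a tag accept each other's keys.
def direct_trust(decls)
  edges = Hash.new { |h, k| h[k] = Set.new }
  decls.group_by { |_node, _user, tag| tag }.each_value do |members|
    accounts = members.map { |node, user, _tag| "#{user}@#{node}" }.uniq
    accounts.permutation(2) { |a, b| edges[a] << b }
  end
  edges
end

# Every account reachable by chaining SSH logins (breadth-first search).
def reachable(edges, start)
  seen = Set.new([start])
  queue = [start]
  until queue.empty?
    edges.fetch(queue.shift, Set.new).each do |peer|
      queue << peer if seen.add?(peer)
    end
  end
  seen.delete(start)
end

# Accounts reachable only through an intermediate hop: the gap between
# what the tags appear to grant and what they effectively grant.
def indirect_only(edges, start)
  reachable(edges, start) - edges.fetch(start, Set.new)
end

# One row per account: [account, direct peers, indirect-only peers].
def audit(decls)
  edges = direct_trust(decls)
  edges.keys.sort.map do |acct|
    [acct, edges[acct].to_a.sort, indirect_only(edges, acct).to_a.sort]
  end
end

audit(DECLARATIONS).each { |row| p row } if __FILE__ == $PROGRAM_NAME
```

Any account with a non-empty third column has access beyond what its own tags suggest; splitting the bridging node's declarations across different users removes that path.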


Maarten Thibaut (


Copyright 2012 Maarten Thibaut. Distributed under the Apache License, Version 2.0.