Forge Home

secure_env_vars

Run a command or script with sensitive environment variables.

26,537 downloads

19,955 latest version

4.5 quality score

Version information

  • 0.2.0 (latest)
  • 0.1.0
released Jan 22nd 2021
This version is compatible with:
  • Puppet Enterprise 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 8.0.0
  • , , , , , , , , , ,
Plans:
  • secure_env_vars

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'puppetlabs-secure_env_vars', '0.2.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add puppetlabs-secure_env_vars
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install puppetlabs-secure_env_vars --version 0.2.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

puppetlabs/secure_env_vars — version 0.2.0 Jan 22nd 2021

secure_env_vars

Run a command or script with sensitive environment variables.

Table of Contents

Description

This module includes a single plan, secure_env_vars, which can be used to run a command or script on a list of targets with sensitive environment variables.

This is useful if you need to set environment variables on a target, but do not want to hard-code the values for the variables into your plan, as they contain sensitive information. Instead, Bolt will load the environment variables by reading the BOLT_ENV_VARS environment variable and parse it as JSON. The value of this environment variable should be a JSON object that maps environment variable names to values.

Parameters

targets

The targets to run the command or script on.

  • Type: Boltlib::TargetSpec

command

The command to run.

  • Type: String

script

The script to run.

  • Type: String

Usage

This plan can be used to run either a command or a script, but not both at the same time. If you provide both a command and script parameter, the plan will error.

Setting the environment variables

To set the environment variables that will be used by the command or script, set the BOLT_ENV_VARS environment variable to a JSON representation of a map of environment variable names to values.

For example, if you need to set the SECRET_PASSWORD environment variable for your command or script:

export BOLT_ENV_VARS='{"SECRET_PASSWORD":"$uper$ecretP@ssword!"}'

Running a command

To run a command, set the command parameter.

*nix shell command

bolt plan run secure_env_vars targets=servers command="git pull https://$OAUTH_TOKEN:x-oauth-basic@github.com/name/repo.git master"

PowerShell cmdlet

Invoke-BoltPlan -Name secure_env_vars targets=servers command="git pull https://$OAUTH_TOKEN:x-oauth-basic@github.com/name/repo.git master"

Running a script

To run a script, set the script parameter. This can be either a relative path, absolute path, or a file from a module (e.g. modulename/script.sh).

*nix shell command

bolt plan run secure_env_vars targets=servers script=scripts/configure.sh

PowerShell cmdlet

Invoke-BoltPlan -Name secure_env_vars targets=servers script=scripts/configure.ps1