Forge Home


Use secrets stored in RevBits PAM securely.


1,142 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 1.1.0 (latest)
  • 1.0.12
  • 1.0.11
  • 1.0.10
  • 1.0.9
  • 1.0.8
  • 1.0.7
  • 1.0.6
  • 1.0.5
  • 1.0.4
  • 1.0.3
  • 1.0.2
  • 1.0.1
  • 1.0.0 (deleted)
released Aug 27th 2021
This version is compatible with:
  • Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x
  • Puppet >= 6.0.0 < 8.0.0
  • , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'revbits-puppetplugin', '1.1.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add revbits-puppetplugin
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install revbits-puppetplugin --version 1.1.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



revbits/puppetplugin — version 1.1.0 Aug 27th 2021


Table of Contents

  1. Description
  2. Setup - The basics of getting started with puppetplugin
  3. Usage - Configuration options and additional functionality
  4. Limitations - OS compatibility, etc.
  5. Development - Guide for contributing to the module


This module allows you to securely fetch secrets form RevBits PAM.


Setup Requirements

Install aes-everywhere gem on puppet-server & puppet-agent with the following command.

/opt/puppetlabs/puppet/bin/gem install aes-everywhere


To install this module, run the following command on the Puppet server:

puppet module install revbits-puppetplugin

To install a specific version of this module (e.g. v1.0.0), run the following command on the Puppet server:

puppet module install revbits-puppetplugin --version 1.0.0


Example Usage

$secret_value = Deferred(puppetplugin::secret, ['KEY_TO_FETCH', {
  appliance_url => "",
  api_key => Sensitive("YourAPIKey")

file { '/tmp/puppetfile': # Resource type file
  ensure => file, # Create as a file 
  owner => 'root', # Ownership
  group => 'root', # Group Name
  mode => '0644', # File permissions
  content => $secret_value

Deferred functions

This module leverages Deferred functions introduced in puppet v6+ to make sure that all credentials are retrieved on agent side.

Deferred(puppetplugin::secret, ['KEY_TO_FETCH', { #...options }])

Note: The above puppet function will not work if not wrapped in Deferred

Sensitive type

The value returned frompuppetplugin::secret is wrapped in Sensitive data type so that it is difficult to mishandle secrets accidentally.

To get the value as String you will need to use unwrap on returned value i.e. $secret_value.unwrap


For detailed references check


See metadata.json for dependencies and compatibility.


We at RevBits welcome all contributions.

Contribution Guide

  • Create a fork of this module's repository
  • Add your contribution on a branch starting with issue number e.g. 221-fixing-typo-in-docs
  • Create a pull request against upstream

We will review your work and possibly merge to main