If you're using Hiera to store your configuration data, there's a gem available, called hiera-eyaml
, that adds an encryption backend to Hiera to allow you to protect values stored in Hiera.
Hiera-eyaml
will run through the puppetserver process on our master, so we need to install the hiera-eyaml
gem
on the puppetserver. Hiera-eyaml
also provides some command-line utilities, to take advantage of those, we'll install the puppet gem
installation as well.
To install the gems, do the following:
[vagrant@puppet ~]$ sudo /opt/puppetlabs/puppet/bin/gem install hiera-eyaml ... Done installing documentation for trollop, highline, hiera-eyaml after 0 seconds 3 gems installed
[vagrant@puppet ~]$ sudo /opt/puppetlabs/bin/puppetserver gem install hiera-eyaml ... Successfully installed hiera-eyaml-2.1.0 3 gems installed
Restart puppetserver
to take advantage of the new gem:
[vagrant@puppet ~]$ sudo systemctl restart puppetserver
Create initial keys for your hiera...