Storing secret data with hiera-gpg
In Chapter 4, Working with Files and Packages, we looked at a way to store encrypted data in our Puppet manifest which can be decrypted only with the appropriate key (see the Using GnuPG to encrypt secrets recipe in Chapter 4, Working with Files and Packages).
If you're using Hiera to store your configuration data, there's a gem available called hiera-gpg, which adds an encryption backend to Hiera to achieve the same result.
Getting ready...
To set up hiera-gpg, follow these steps:
Run this command to install hiera-gpg:

    ubuntu@cookbook:~$ sudo gem install hiera-gpg --no-ri --no-rdoc
    Fetching: json_pure-1.8.0.gem (100%)
    Fetching: hiera-1.2.1.gem (100%)
    Fetching: gpgme-2.0.2.gem (100%)
    Building native extensions. This could take a while...
    Fetching: hiera-gpg-1.1.0.gem (100%)
    Successfully installed json_pure-1.8.0
    Successfully installed hiera-1.2.1
    Successfully installed gpgme-2.0.2
    Successfully installed hiera-gpg-1.1.0
    4 gems installed

Modify your hiera.yaml...