Puppet Credential Parameters

Is there a recommended [secure] way to store parameters that are to be used
as credentials? For example, I want to create a Puppet module to configure
my Linux systems for authenticating to AD. Part of this process will
involve registering the machine to AD using an administrative credential.
Obviously, this could be bad if it is easy to retrieve the credential from
Puppet or its backing database(s).

Please advise on the typical course of action for this use-case.
-LJK

You may find hiera and even hiera-eyaml can help.

The hiera data is only stored on the Puppet server.
It is up to you to keep it secure but the hiera config files can be
restricted to the one Linux system.

On Wednesday, March 23, 2016 at 9:46:35 AM UTC-4, Lesley Kimmel wrote:

Is there a recommended [secure] way to store parameters that are to be
used as credentials? For example, I want to create a Puppet module to
configure my Linux systems for authenticating to AD. Part of this process
will involve registering the machine to AD using an administrative
credential. Obviously, this could be bad if it is easy to retrieve the
credential from Puppet or its backing database(s).

Please advise on the typical course of action for this use-case.
-LJK
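
The hiera-eyaml setup suggested in the reply, as an added example that is not part of the original thread. It assumes the Hiera 5 `hiera.yaml` format; the key directory, the data file names and the `ad_join::join_password` key are hypothetical, and the ciphertext is a placeholder.

```yaml
# ---- hiera.yaml (on the Puppet server only) ----
---
version: 5
defaults:
  datadir: data
hierarchy:
  # Encrypted values live in *.eyaml files and are decrypted at lookup time
  # on the server, using the PKCS7 key pair named below.
  - name: "Secrets (hiera-eyaml)"
    lookup_key: eyaml_lookup_key
    paths:
      - "nodes/%{trusted.certname}.eyaml"
      - "common.eyaml"
    options:
      # Assumed key location. Generate the pair with `eyaml createkeys`.
      # The private key should be owned by the Puppet server's service user
      # and readable by nobody else (directory 0500, *.pem files 0400).
      pkcs7_private_key: /etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem
      pkcs7_public_key: /etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem

  # Non-secret data stays in plain YAML.
  - name: "Plain data"
    data_hash: yaml_data
    paths:
      - "nodes/%{trusted.certname}.yaml"
      - "common.yaml"

# ---- data/common.eyaml ----
---
# Hypothetical key for the AD join account's password. Only the ciphertext is
# stored (and committed to version control). Produce it with:
#   eyaml encrypt -l 'ad_join::join_password' -s '<password>'
# or edit the file in place with:
#   eyaml edit data/common.eyaml
ad_join::join_password: ENC[PKCS7,<ciphertext-from-eyaml-encrypt>]
```

eyaml protects the value at rest in the Hiera data; the decrypted value is still compiled into the catalog of any node whose manifest looks it up. Wrapping it in Puppet's `Sensitive` data type keeps it redacted in logs and reports.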