SlideShare a Scribd company logo

Encrypting sensitive data for puppet

S
sihil

The document discusses encryption methods for sensitive data used in Puppet with a focus on Hiera and Eyaml. It provides code snippets for encrypting and decrypting properties, as well as guidance on managing GPG keys for encrypting Eyaml files. Additionally, it encourages user interaction and contributions to the related GitHub repository.

Technology
1 of 22
Downloaded 12 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Encrypting sensitive data for Puppet Simon Hildrew! The Guardian @sihil
WHY BOTHER It’ll only come back and slap you in the face
Encrypting sensitive data for puppet
http://www.flickr.com/photos/35211570@N00/3144456275
Shared Puppet Sensitive Puppet Merge to puppet masters
Shared Puppet puppet master private key
first stop: hiera-gpg
--db-host: db.internal.gnm username: cheese password: wensleydale vs. <85>^A^L^C<96><AB>e2*<E0> 2^A^G<FE>:<8A><8C>c! <E5><C8><C0><88><B5><B1>2 <91>K<F5><8F><9E>w<A5><C9 ><FB>^Y<93>'_<C5>H<C7>f<A 1><FC>V1]<EC>^D<DD>I<B8>< 81><96><FD><AA>Q<D6>w8<DD >~Q[H^M<88>r<E4>i<F2>^AZ8 ^E<C1><AF>^E<C5><DE>'2EL< A4>=<9D><FF><8B><BB>c:AW* C<C0><8A><CE><CD>S<F4>b09 ^Ca+<E0><D8>/ <85><F7><8D>N<D9>R<9E>c<F 4><93>$<AF>^L<CA><E0>7
http://www.flickr.com/photos/31348155@N03/7028040701 http://www.flickr.com/photos/9763931@N04/5443386117 $ git diff 0bdc4ea33 cat.jpeg Binary files a/cat.jpeg and b/cat.jpeg differ
Encrypting sensitive data for puppet
hiera-eyaml
--plain-property: You can see me encrypted-property: >
 ENC[PKCS7,Y22exl+OvjDe+drmik2XEeD3VQtl1uZJXFFF2NnrMXDWx0csyqLB/2NOWefv
 NBTZfOlPvMlAesyr4bUY4I5XeVbVk38XKxeriH69EFAD4CahIZlC8lkE/uDh
 jJGQfh052eonkungHIcuGKY/5sEbbZl/qufjAtp/ufor15VBJtsXt17tXP4y
 l5ZP119Fwq8xiREGOL0lVvFYJz2hZc1ppPCNG5lwuLnTekXN/OazNYpf4CMd
 /HjZFXwcXRtTlzewJLc+/gox2IfByQRhsI/AgogRfYQKocZgFb/DOZoXR7wm
 IZGeunzwhqfmEtGiqpvJJQ5wVRdzJVpTnANBA5qxeA==]
$ eyaml decrypt -e test.eyaml ---
 plain-property: You can see me
 encrypted-property: >
 DEC::PKCS7[You can’t see me without a key]!
$ eyaml edit test.eyaml
Encrypting sensitive data for puppet
Encrypting sensitive data for puppet
Encrypting sensitive data for puppet
--plain-property: You can see me encrypted-property: > ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQAw DQYJKoZIhvcNAQEBBQAEggEAxqeLyrOtMJy392yNwpNUKPIJ441SRVAMNi84 wEGZVc9TIsRkWmMJGxpe+jy9edqnl552pbmD+B5ecfYQ5dehDVeos2CzFrMo CAV+qqvYml1nkbiBdPreZeUVZCLQLOw9I03z+iSEokGUy0x9702zjjK1mafq HWC/ClzdZh1UGxd+1hyGrw/dDOVsZqdLT1bWT+MT5BiyVlmeHFDMy7XFuJkg ER73t1WOC0sOrWwua37yKneDA/J5sFYrRypVD+QKLoFMtgxYYBldcenn+whB EJkMNrVTJzGkzo9HPaZ/dJFvBVGPDo6MxRqMFf2Tx/3Mq7bq6Ckoa6PNQiEz 4BS88TBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAvO3CeT6tosqRc8Vuu fOo3gCB5JxY9ihIbnUJJl0Iuw0qeS6UsqKJ7HSst6+qRH90t5w==] new-encrypted-property: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQAwDQY
 JKoZIhvcNAQEBBQAEggEAK7otMYeHetnvkQVXQkjedR/2bXSA6KlDlI7rFBsrXpwsj5A8UBo8N3t5MgKx6kMPQN6T3ILNBA/1
 k7HFhRAsd5biJ2g1Y4NO8iS7Jedm+zlZ6MQPK0NNtU3+hNHYUfv63jmqKMb9GWswTPaS6fTiWz/+mLl1chWBuK9BW9b6xW6Ob
 OxmK4kYf9xOo7w+OrJy02j4zLNVqCzOrb1zge5GvYmH1n+IncBz1WyPAoWJEjnFD1X6fdO32ulN1IYLzUSXkSVAASeN5Hb00/
 8GRtyQE1hNeS4ea640n/yHidGH3uTGnjNU9QoIqX7Yaqnpc/4E8WWY975gICNeFO/PBN1kLzBMBgkqhkiG9w0BBwEwHQYJYIZ
 IAWUDBAEqBBDmVUe4sJBuxBVvmPAQcIhngCBx3IP8BWsyypcX3q8rRql3/GwPHeJ5moe6Mt1KEMcWpw==]
$ git diff a946fd1906c2fb0e489d60a9700b4c4d5a4a21ec test.eyaml index b94910e..5c8508a 100644 --- a/test.eyaml +++ b/test.eyaml @@ -10,3 +10,4 @@ EJkMNrVTJzGkzo9HPaZ/dJFvBVGPDo6MxRqMFf2Tx/3Mq7bq6Ckoa6PNQiEz 4BS88TBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAvO3CeT6tosqRc8Vuu fOo3gCB5JxY9ihIbnUJJl0Iuw0qeS6UsqKJ7HSst6+qRH90t5w==] +new-encrypted-property: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEh
hiera-eyaml-gpg
list of GPG recipients for encrypting eyaml files
That’s all More info at https://github.com/TomPoulton/hiera-eyaml ! Let us know if you use it and please do make pull requests.

More Related Content

PDF
4 multi pump systems off grid water papa ram pump
tapanma
 
PDF
papa pump off grid water pump far away from public utilities - papa ram pump
tapanma
 
PDF
Alimentos suplementarios-para-rumiantes
Pedro Benitez
 
PDF
Know007
the pooh
 
PDF
Know006
the pooh
 
PDF
Determinacion minimos cuadrados
Spier R. B. Condori Cruz
 
PPTX
Grade 4 math graphic
mrsstrong-clay
 
PDF
Dossier Presentación del Albergue El Último Bucardo
Encarna Palma Andres
 
4 multi pump systems off grid water papa ram pump
tapanma
 
papa pump off grid water pump far away from public utilities - papa ram pump
tapanma
 
Alimentos suplementarios-para-rumiantes
Pedro Benitez
 
Know007
the pooh
 
Know006
the pooh
 
Determinacion minimos cuadrados
Spier R. B. Condori Cruz
 
Grade 4 math graphic
mrsstrong-clay
 
Dossier Presentación del Albergue El Último Bucardo
Encarna Palma Andres
 

What's hot (18)

PDF
Dec 2090 honorarios sca
Pastor Felipe Duarte Ramos
 
PDF
[NUGU Conference 2018] 세션 B-5 : TTS & SKML 소개
NUGU developers
 
PDF
Plan1
farcrys
 
PDF
999
mamani barrientos
 
PDF
Tlwin.moemaka.1
Zaw Aung
 
PDF
Ugly Duck Clothing UK eBay Store
Rabius Sany
 
PDF
Vetiver taludes australia paultroung
NEGOCIOS DESDE COLOMBIA
 
PDF
Ugly Duck Clothing Ebay Listing Template Design
Rabius Sany
 
PDF
Homophones
masenhimerd
 
PDF
Attention-Based Adaptive Selection of Operations for Image Restoration in the...
MasanoriSuganuma
 
PDF
july release (1)lt prep satchel paige atl
Karl Brooks
 
PDF
En planning 13 - 19 juillet
Ilbarritz
 
PDF
A research paper introduction of Universal transformers
Keigo Kawamura
 
PDF
How to make Halloween more accessible for kids with special needs macaroni kid
Joanna Lowy
 
PDF
1 teste 5ano1
Daniela Fernandes
 
PDF
Toan t1 chuong 5-tich_phan_motbien_4
Informatics and Maths
 
PDF
Radyoaktivite
osman
 
PDF
Ppt emco product
ulfaalfianti
 
Dec 2090 honorarios sca
Pastor Felipe Duarte Ramos
 
[NUGU Conference 2018] 세션 B-5 : TTS & SKML 소개
NUGU developers
 
Plan1
farcrys
 
999
mamani barrientos
 
Tlwin.moemaka.1
Zaw Aung
 
Ugly Duck Clothing UK eBay Store
Rabius Sany
 
Vetiver taludes australia paultroung
NEGOCIOS DESDE COLOMBIA
 
Ugly Duck Clothing Ebay Listing Template Design
Rabius Sany
 
Homophones
masenhimerd
 
Attention-Based Adaptive Selection of Operations for Image Restoration in the...
MasanoriSuganuma
 
july release (1)lt prep satchel paige atl
Karl Brooks
 
En planning 13 - 19 juillet
Ilbarritz
 
A research paper introduction of Universal transformers
Keigo Kawamura
 
How to make Halloween more accessible for kids with special needs macaroni kid
Joanna Lowy
 
1 teste 5ano1
Daniela Fernandes
 
Toan t1 chuong 5-tich_phan_motbien_4
Informatics and Maths
 
Radyoaktivite
osman
 
Ppt emco product
ulfaalfianti
 
Ad

Recently uploaded (20)

PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Cloud computing and distributed systems.
kkkkkhan
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Encapsulation theory and applications.pdf
gurumoop
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Ad

Encrypting sensitive data for puppet