Puppet Version: any Puppet Server Version: any OS Name/Version: any Actual Behavior: Puppet Forge is public, and downloading modules don't require authentication. However there are some repositories that can hold modules and require authentication to connect. Those repositories are:
When installing modules from those repositories user is forced to set his credentials in plain text in URI supported form, for ex.:
Installing modules with similar module repository being set, reveals those credentials. In fact it's done each time a module is installed, with a message:
Desired Behavior: Puppet should mask password if given, like this:
|