I have done extensive work on POC environments that use Vault as a top level in the hierarchy and mark the secrets as 'sensitive' so they do not appear in logs and reports, but do not want to continue deploying this methodology if it's not the way the technology is headed.
Mentioned in the Puppet 6 release notes is the ability for a client to look up secret data from Vault. Is there any more info on how to implement this?
The Forge already hosts some community modules that provide integrations with secret stores, like the following:
Azure Key Vault: works on both the master and the server
Cyberark Conjur: works on the master
Cyberark AIM: works on the agent
Hashicorp Vault: works on the agent
AWS Secrets Manager: works on the agent
display_name=puppet \
policies=all_secrets \
certificate=@/etc/vault/keys/ca_cert.pem \
required_extensions="1.3.6.1.4.1.34380.1.1.22:vaultok" \
ttl=3600
# Ask the Puppet CA to embed the pp_securitypolicy extension (OID 1.3.6.1.4.1.34380.1.1.22)
# in this agent's certificate; the value must match the one in required_extensions above.
cat << EOF > /etc/puppetlabs/puppet/csr_attributes.yaml
---
extension_requests:
  pp_securitypolicy: "vaultok"
EOF
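The required_extensions setting above is what ties the two halves together: Vault's cert auth method only issues a token to an agent certificate that carries pp_securitypolicy=vaultok, so each agent has to request that extension in its CSR. The Go program below is an added example, not code from this thread or from Vault or Puppet: it builds a throwaway self-signed agent certificate carrying the extension (an empty policy string produces an untagged certificate for the rejection case) and re-implements Vault's presence-and-exact-value check so the pairing can be verified offline. The function names are chosen here; the OID and value come from the post above.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// OID Puppet registers for pp_securitypolicy (the OID in the required_extensions setting above).
var oidPPSecurityPolicy = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 34380, 1, 1, 22}
// newAgentCert builds a throwaway self-signed cert carrying pp_securitypolicy=<policy> as a
// UTF8String, as a Puppet CA embeds extension_requests; an empty policy omits the extension.
func newAgentCert(policy string) (*x509.Certificate, error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	if policy != "" {
		val, _ := asn1.MarshalWithParams(policy, "utf8")
		tmpl.ExtraExtensions = []pkix.Extension{{Id: oidPPSecurityPolicy, Value: val}}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// hasRequiredExtension mirrors the gate behind Vault's required_extensions for one "oid:value"
// entry: the extension must be present and its decoded string must equal the value exactly.
func hasRequiredExtension(cert *x509.Certificate, required string) bool {
	oidStr, want, ok := strings.Cut(required, ":")
	for _, ext := range cert.Extensions {
		var got string // non-string extensions (e.g. SEQUENCEs) fail to decode and are skipped
		if _, err := asn1.Unmarshal(ext.Value, &got); ok && err == nil && ext.Id.String() == oidStr && got == want {
			return true
		}
	}
	return false
}

func main() {
	cert, _ := newAgentCert("vaultok") // like an agent that shipped the csr_attributes.yaml above
	fmt.Println("accepted by Vault cert auth:", hasRequiredExtension(cert, "1.3.6.1.4.1.34380.1.1.22:vaultok"))
}
```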