how to safely distibute SSL keys with PuppetMaster

[Sans]

Hi there ,

I've a situation here, where I need to provide SSL key-pair for Nginx configuration and the SSL keys, that copied on to the agents as file{} resources goes to the repo, which is accessed by a number of people in the organization, which I don't like. What's the general recommendation (which goes along with the automation flow) here to handle this kind of situation?

I use eyal back-end for password and other secret string but how do I handle the files? I know: eyaml edit -f <file_name> can encrypt a file but how do I use that in Puppet or in a file{} resource? Thanks in advance!

-S

[Matthew Nicholson]

So I've done this simple with hiera email and using the contents of the ssl keys and certs as strings for file resources to use with created resources

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d08cabb6-a1dc-412a-a03a-2b69d906fa7f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Sans]

On Tuesday, March 8, 2016 at 1:16:13 AM UTC, Matt wrote:

So I've done this simple with hiera email and using the contents of the ssl keys and certs as strings for file resources to use with created resources

Thanks Matt!! that worked. I think I'm good for now that way.

-S