Handling Sensitive Data


Jistan Idiot

May 8, 2012, 8:28:14 AM
to Puppet Users
So we're looking at using Puppet. There are three things we're trying
to figure out how to manage -- SSL keys for the webservers, SSH keys
for the users, and the users' passwords (and specific /etc/shadow and
/etc/passwd for each box).

There's a ton of concerns with each one of these. Is there some place
with a good guide for doing all of this?

I came across a very old thread
http://groups.google.com/group/puppet-users/browse_thread/thread/da756bb067565ede
which implies you shouldn't put your sensitive data in the files
directory of the module. Is that still true?



Erik Dalén

May 8, 2012, 9:36:02 AM
to puppet...@googlegroups.com
That still holds true (unless you want to micromanage access permissions).

There is however a way to create a directory per host that is only
accessible by that host:
https://groups.google.com/forum/#!msg/puppet-users/XBkdcDypm0g/AVJFsSORkOkJ

--
Erik Dalén

Ryan Coleman

May 8, 2012, 8:19:17 PM
to puppet...@googlegroups.com


On Tuesday, May 8, 2012 6:36:02 AM UTC-7, Erik Dalén wrote:

> That still holds true (unless you want to micromanage access permissions).
>
> There is however a way to create a directory per host that is only
> accessible by that host:
> https://groups.google.com/forum/#!msg/puppet-users/XBkdcDypm0g/AVJFsSORkOkJ
>
> --
> Erik Dalén

+1 to using a custom mount point to keep sensitive files out of modules and restricting those mount points.
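
The per-host mount point discussed in this thread, as an added example that is not part of the original posts: a `fileserver.conf` sketch for the puppet master showing a shared mount beside a per-host one. The mount names, directory paths and host names are assumptions chosen for illustration.

```conf
# fileserver.conf on the puppet master.
# Added example: mount names and paths below are assumptions.

# Weak: one shared mount. Any agent with a signed certificate can
# request any file under it, including another host's private key.
# [secrets]
#   path /etc/puppet/secrets
#   allow *

# Per-host: %H expands to the requesting client's FQDN (taken from its
# certificate name), so each agent is served only its own directory.
# %h (short hostname) and %d (domain) are also available.
[private]
  path /etc/puppet/private/%H
  allow *

# Layout on the master (constructed host names):
#   /etc/puppet/private/web01.example.com/ssl/server.key
#   /etc/puppet/private/web02.example.com/ssl/server.key
#
# Manifest usage; the same source URL resolves to a different file
# for each host:
#   file { '/etc/ssl/private/server.key':
#     source => 'puppet:///private/ssl/server.key',
#     owner  => 'root',
#     group  => 'root',
#     mode   => '0600',
#   }
```

Because the expansion follows the certificate name, a host whose certname differs from its hostname needs its directory named after the certname.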

