Although I don’t work at Puppet anymore, it’s still my favourite config management software, and I use it for the management of machines under my control, including my home storage server and several MacBooks. One of the most annoying pieces of this configuration is the management of secrets. A long time ago, someone created hiera-eyaml. This was a way of encrypting secrets, putting the encrypted values in a YAML file, then configuring the Puppet master to use the secret key to decrypt them when compiling a catalog.

Peter Souter