Hello,
- Puppet: node: 3.7.2-4 / puppet server: 2.7.2-1puppetlabs1 / puppetdb:
4.4.0-1puppetlabs1
- Distribution: Debian Jessie
- Module version: latest
I have some questions about the Sensitive() function:
I've *rewritten* my config to something like this:
class profile::grafana::base (
...
$grafana_database_password =
Sensitive(hiera('monitoring::grafana::database::password')),
...
)
{
...
$database_cfg = {
database => {
type => 'mysql',
host => "${database_server}:3306",
name => "$grafana_database",
user => "$grafana_database_user",
password => $grafana_database_password.unwrap,
}
}
....
The first question is: Is that correct ?
I found the password in cleartext in the PuppetDB, but I don't know, if I
have to clear the database first, to get rid all of the sensitive values,or
if PuppetDB removes the passwords automatically after some time.
The second question is: How looks like a plain hieradata line, to tell
Puppet it is a sensitive value ?
For Example:
icinga2::feature::idomysql::password:
"%{hiera('monitoring::icinga::mysql_password')}"
icinga2::feature::idomysql::database:
"%{hiera('monitoring::icinga::mysql_db')}"
The password itself is stored in hiera-eyaml but I don't want to find it in
the Puppetdb or logs.
Should I ask the module maintainer to support it, or is it possible to do
it on my own?
cu denny
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/e4896bec-0f88-4cf8-a7e7-14c49dc1c839%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
