If using a different Vault auth method is an option, you could use the AppRole method and define a role and policies in Vault. The Puppet agent then authenticates under a specific role (and instance of that role) that is governed by the policy.
On Tuesday, October 9, 2018 at 8:12:39 AM UTC-4, comport3 wrote:
>
> Mentioned in the Puppet 6 release notes is the ability for a client to look up secret data from Vault.
>
> Is there any more info on how to implement this?
>
> I have done extensive work on POC environments that use Vault as a top level in Hierarchy and mark the secrets as 'sensitive' so they do not appear in logs and reports, but do not want to continue deploying this methodology if it's not the way the technology is headed.
>
> https://github.com/comport3/puppet5-hiera-vault-poc
