Hi, tried to use the "Sensitive" data type for the first time (with Puppet 6.18.0), but it doesn't work as expected (found and followed several tutorials on the net, see links below), also using the "lookup_options" method to ensure the Hiera-provided value is indeed converted to sensitive.
Here's my sample code (Hiera files omitted):
class test (Sensitive $foo) {
file {'/tmp/foo':
content => "${foo}\n",
}
}
When I run this, I get:
Notice: /Stage[main]/Test/File[/tmp/foo]/content:
--- /tmp/foo 2020-09-09 07:53:40.166807782 +0200
+++ /tmp/puppet-file20200909-18841-zq93gr 2020-09-09
14:55:05.569695841 +0200
@@ -1 +1 @@
-bar
+Sensitive [value redacted]
Notice: /Stage[main]/Test/File[/tmp/foo]/content: content changed
'{md5}fc552...' to '{md5}48a07...'
and then the file indeed looks like this:
# cat /tmp/foo
Sensitive [value redacted]
instead of containing the real value provided in Hiera.
Any ideas?
Thanks...
Dirk
https://blog.example42.com/2019/04/04/puppet_sensitive_data/
https://www.puppetcookbook.com/posts/hide-sensitive-values.html
https://puppet.com/blog/my-journey-securing-sensitive-data-puppet-code/
-- Dirk HeinrichsSenior Systems Engineer, Delivery PipelineOpenText ™ Discovery
| RecommindPhone: +49 2226 15966 18Email: [email protected]:
www.recommind.deRecommind GmbH, Von-Liebig-Straße 1, 53359
RheinbachVertretungsberechtigte Geschäftsführer Gordon Davies, Madhu
Ranganathan, Christian Waida, Registergericht Amtsgericht Bonn,
Registernummer HRB 10646This e-mail may contain confidential and/or privileged
information. If
you are not the intended recipient (or have received this e-mail in
error) please notify the sender immediately and destroy this e-mail.
Any unauthorized copying, disclosure or distribution of the material in
this e-mail is strictly forbiddenDiese E-Mail enthält vertrauliche und/oder
rechtlich geschützte
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-
Mail irrtümlich erhalten haben, informieren Sie bitte sofort den
Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie
die unbefugte Weitergabe dieser Mail sind nicht gestattet.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/b8b44d0a3859790edae6d420ab256d629df227a1.camel%40opentext.com.
signature.asc
Description: This is a digitally signed message part
