Hello Dirk,
Thank you for replying to the mail. However, your code doesn't work for the
resource of exec like below:
exec { '/path/to/decrypted-file':
command => 'eyaml decrypt --file=/path/to/encrypted-file >
/path/to/decrypted-file',
# ...snip
}
This generates a notice like:
Notice: /Stage[main]/xxx::zzz/Exec[/path/to/decrypted-file]/returns:
[hiera-eyaml-core] No such file or directory @ rb_sysopen -
./keys/private_key.pkcs7.pem
I can workaround this if I gave the directory, where keys are located, to
an attribbute of cwd like:
cwd => /etc/puppetlabs/code,
# pkcs7_private_key: '/etc/puppetlabs/code/keys/private_key.pkcs7.pem'
# pkcs7_public_key: '/etc/puppetlabs/code/keys/public_key.pkcs7.pem'
I gratefully thank for any further advises.
Kind regards,
Go
2020年11月24日火曜日 0:55:31 UTC+9 Dirk Heinrichs:
> Am Montag, den 23.11.2020, 15:23 +0900 schrieb Go Iwai:
>
> It looks more natural if I could rewrite this line above like below:
>
> eyaml decrypt --file=encrypted-file
> --pkcs7-public-key=%{pkcs7_public_key}
> --pkcs7-private-key=%{pkcs7_private_key}
>
>
> I don't think you need to specify these options at all if everything is
> configured correctly. I have the following hiera.yaml in my Puppet
> environments:
>
> ---
> version: 5
> defaults:
> datadir: hiera
> lookup_key: eyaml_lookup_key
> hierarchy:
> - name: Main
> options:
> pkcs7_private_key: '/etc/puppetlabs/code/keys/private_key.pkcs7.pem'
> pkcs7_public_key: '/etc/puppetlabs/code/keys/public_key.pkcs7.pem'
> paths:
> - ...
> - common.yaml
>
> With this in place I can simply type "eyaml edit common.yaml" or "eyaml
> encrypt -s 'something'", w/o specifying the keys every time.
>
> HTH...
>
> Dirk
>
> --
>
> *Dirk Heinrichs*
> Senior Systems Engineer, Delivery Pipeline
> OpenText ™ Discovery | Recommind
> *Phone*: +49 2226 15966 18 <+49%202226%201596618>
> *Email*: [email protected]
> *Website*: www.recommind.de
> Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach
> Vertretungsberechtigte Geschäftsführer Gordon Davies, Madhu Ranganathan,
> Christian Waida, Registergericht Amtsgericht Bonn, Registernummer HRB 10646
> This e-mail may contain confidential and/or privileged information. If you
> are not the intended recipient (or have received this e-mail in error)
> please notify the sender immediately and destroy this e-mail. Any
> unauthorized copying, disclosure or distribution of the material in this
> e-mail is strictly forbidden
> Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
> Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail
> irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und
> vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte
> Weitergabe dieser Mail sind nicht gestattet.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/8e51cbb0-02bd-4999-b89b-ea656c139018n%40googlegroups.com.
