We're using the vault_lookup[1] module to retrieve secrets from Vault via mTLS. It works fairly well when grabbing secrets within a manifest.
However, it feels like an anti-pattern by forcing lookups into our manifests when we want to keep that in Hiera.

I found a previous related thread[2] where Henrik suggested writing a custom backend for Hiera and returning a Deferred. However, after doing what I thought was the correct thing, and returning a Deferred in our custom backend, the value in the file ends up being the literal string 'Deferred ...' and not being evaluated. I even wrote a quick manifest to check if a Deferred is being returned by Hiera/APL and it does not seem to be the case -- Hiera is returning a String representation of it.

So my question is -- is it possible to actually return a Deferred via a Hiera lookup_key backend and if so, what might I be doing wrong?

Sanitized code / outputs / etc provided[3] for mocking.

Versions:
puppet: 7.20.0
puppetserver: 7.8.0
puppetlabs/stdlib: 8.30

Thanks!
Aaron

[1] https://forge.puppet.com/modules/puppet/vault_lookup
[2] https://groups.google.com/g/puppet-users/c/E-Q-ok-B0gQ/m/h-tYJFPdBwAJ
[3] https://gist.github.com/arusso/9eed3cac93e02aa270b6811b560b2093
