Handling sensitive information with Puppet
What is the best way to store and handle sensitive information with Puppet and safely distribute it to your nodes?
The version I am using is 2.7.
One example would be database passwords. Plain text passwords are needed on your application servers.
How can one store these without leaving them lying around inside of the Puppet scripts?
Using Hiera for external data lookups and encrypting that data via eyaml or GPG is a good start.
https://docs.puppet.com/hiera/
https://puppet.com/blog/encrypt-your-data-using-hiera-eyaml
http://leebriggs.co.uk/blog/2016/11/15/using-hiera-eyaml-gpg.html
Another option, but I haven't tried it personally. https://forge.puppetlabs.com/sshipway/ss
Of course, this does require putting the data into a secure vault but that seems much more secure than storing sensitive data in Hiera.
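For the eyaml/GPG suggestion above, a check that Hiera data files really hold ciphertext where they should, as an added example that is not part of the original question or answers. It assumes secrets live under keys named like `password`, `secret` or `token`; the function names and the sample data are constructed for illustration.

```ruby
require 'yaml'

# Key names that usually hold secrets (assumed naming convention).
SENSITIVE_KEY = /pass(word|wd)?|secret|token|private_key/i
# hiera-eyaml stores ciphertext as ENC[PKCS7,...]; hiera-eyaml-gpg as ENC[GPG,...].
ENCRYPTED = %r{\AENC\[(PKCS7|GPG),[A-Za-z0-9+/=\s]+\]\z}

# Walk parsed Hiera data; return paths of sensitive-looking keys whose
# string values are not eyaml ciphertext. A sensitive key marks its subtree.
def plaintext_secrets(node, path = [], sensitive = false)
  case node
  when Hash
    node.flat_map do |key, value|
      hit = sensitive || key.to_s.match?(SENSITIVE_KEY)
      plaintext_secrets(value, path + [key.to_s], hit)
    end
  when Array
    node.each_with_index.flat_map do |value, i|
      plaintext_secrets(value, path + [i.to_s], sensitive)
    end
  when String
    sensitive && !node.strip.match?(ENCRYPTED) ? [path.join('/')] : []
  else
    []
  end
end

# Parse one Hiera YAML document and list its unencrypted secrets.
def scan_hiera(yaml_text)
  plaintext_secrets(YAML.safe_load(yaml_text))
end

# Constructed sample data; the ciphertext strings are placeholders.
SAMPLE = <<~YAML
  profile::db::user: app
  profile::db::password: hunter2
  profile::api::token: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAx]
  profile::ldap:
    bind_password: >
      ENC[GPG,hQEMA5constructedSAMPLEonly==]
    servers:
      - host: ldap1
        secret: changeme
YAML

puts scan_hiera(SAMPLE)
```

Run against each data file in a pre-commit hook or CI job, a non-empty result means a secret was committed in plain text.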