OpenSSL Encryption backend for Hiera
A backend for Hiera that provides per-value encryption of sensitive data within yaml files to be used by Puppet.
Only the values are encrypted, allowing files to be swiftly reviewed without decryption.
The value of each key is encrypted individually, which means that "git diff" is meaningful.
Includes a command line tool for encrypting, decrypting, editing and rotating keys. This makes it almost as easy as using clear text files.
Basic asymmetric encryption (PKCS#7) is used by default. This does not require any native libraries to be compiled, and it allows users without the private key to encrypt values that the puppet master can decrypt
hiera-eyaml includes a pluggable encryption framework (e.g. GPG encryption (hiera-eyaml-gpg) can be used if you have the need for multiple keys and easier key rotation)
Debian: Jonas Genannt <email@example.com>
7 August 2014
Leaders and contributors
Resources and communication
This entry (in part or in whole) was last reviewed on 17 April 2018.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.
The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.