hiera-gpg
hiera-gpg copied to clipboard
add ability to source variable from external file
If i want to store the contents of a sensitive file, say an ssl cert or such in heira-gpg, at the moment i have to have a variable in heira which is just the entire file contents. This makes the yaml file a total mess of various walls of text.
It would be very handy if variables could be sourced from other gpg encrypted files, as this would allow things such as ssl::filecert include sslfile.gpg
I'm thinking something a little like: http://stackoverflow.com/questions/528281/how-can-i-include-an-yaml-file-inside-another
generally i think this will be hard in hiera.
my first use case for hiera-gpg was for protecting SSL PEM passphrases. i store the SSL .pem in plaintext in puppet and store the PEM passphrase in the prod.gpg hiera file. i'd be interested to see if this sort of feature gets added.