
I would like to use eyaml edit to edit my Puppet/Hiera configuration files. My configuration files are a mixture of encrypted and plain text content. I want to use eyaml edit to encrypt certain properties. So initially my files will contain something like:

DEC::PKCS7[securepassword]!

and I understand when I save them via eyaml edit these properties will be encrypted.

I have the public key which my Puppet Enterprise Server uses but I do not have access to the private key (for security reasons).

Can I still use eyaml edit without a private key?

I only want to use it to encrypt properties.

I know I can invoke eyaml encrypt without a private key but I would rather not encrypt each property individually and I don't need to encrypt the entire file.

Mark McLaren

1 Answer

The ability to use "eyaml edit" without the private key has been added in the master branch in GitHub.

This is how I am currently using it.

First configure eyaml so that it knows where your public key is (as per encrypt your data using hiera eyaml).

~/.eyaml/config.yaml

---
pkcs7_public_key: '/Users/myuser/keys/eyaml/public_key.pkcs7.pem'

Then install the master branch version of eyaml using the specific_install gem.

gem install specific_install
gem specific_install -l https://github.com/voxpupuli/hiera-eyaml

Now you should be able to edit your eyaml files so that encryption works but decryption is not attempted, using either the -d or the --no-decrypt flag, e.g.

eyaml edit -d test.eyaml
Mark McLaren
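A follow-up check for the workflow above, as an added example that is not part of the original answer: after saving with `eyaml edit -d`, scan the files for any `DEC::PKCS7[...]!` marker that was left unencrypted, reporting only file and line so the secret is never echoed. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find plaintext eyaml edit markers that were never encrypted.

# Matches DEC::PKCS7[ and the numbered DEC(1)::PKCS7[ form that eyaml edit
# shows for blocks it has decrypted.
MARKER_RE='DEC(\([0-9]+\))?::[A-Za-z0-9_]+\['

# Prints "file:line" for each marker found; returns 1 if any file has one.
check_eyaml_plaintext() {
    found=0
    for f in "$@"; do
        # -H forces the file name, -n the line number; cut drops the matched
        # content so the plaintext value never reaches logs or CI output.
        hits=$(grep -HnE "$MARKER_RE" "$f" | cut -d: -f1,2)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample files (hypothetical, not from the original post).
demo() {
    dir=$(mktemp -d)
    printf 'db_password: DEC::PKCS7[securepassword]!\n' > "$dir/unsaved.eyaml"
    printf 'db_password: ENC[PKCS7,CONSTRUCTEDPLACEHOLDER]\n' > "$dir/saved.eyaml"
    check_eyaml_plaintext "$dir/unsaved.eyaml" "$dir/saved.eyaml"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

# When run as a script with file arguments, act as a pre-commit style check.
[ "$#" -eq 0 ] || check_eyaml_plaintext "$@"
```

Run it against the files you just edited; a non-zero exit means at least one value is still in plain text and should not be committed.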