AWS Secrets Manager as a Hiera Backend
We use both Puppet and AWS extensively. Historically, we’ve managed secrets with eyaml and git. This allows version control and recovery of secrets, but requires the decryption key(s) to be stored on the same disk as the secrets. We’ve evaluated Hashicorp’s Vault as a secrets management solution. While it is robust and full of appealing […]