New hiera scheme for secrets storage
authorSilvio Rhatto <rhatto@riseup.net>
Sat, 26 Sep 2015 18:04:34 +0000 (15:04 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Sat, 26 Sep 2015 18:04:34 +0000 (15:04 -0300)
hiera/hiera.yaml
hiera/node/puppet-bootstrap.example.org.yaml [moved from hiera/domain/example.org/node/puppet-bootstrap.example.org.yaml with 100% similarity]

index 96cfb878882127b3d770a0fe85bc0dbfbda7ab47..7e541b1e293cdd6882a8c118903ca5d16d6775d1 100644 (file)
   # See http://docs.vagrantup.com/v2/provisioning/puppet_apply.html
   :datadir: hiera
 :hierarchy:
-  - 'domain/%{::domain}/node/%{::clientcert}'
-  - 'domain/%{::domain}/role/%{::role}'
-  - 'domain/%{::domain}/location/%{::location}'
-  - 'domain/%{::domain}/%{::domain}'
+  #
+  # Put in the secrets folder all sensitive information that
+  # wont be spread into every system if you're using the Hydra Suite.
+  #
+  # We also recommend to leave only encrypted data in your hiera config.
+  #
+  - 'secrets/node/%{::clientcert}'
+  - 'secrets/domain/%{::domain}'
+  - 'secrets/role/%{::role}'
+  - 'secrets/location/%{::location}'
+
+  #
+  # All other stuff goes in regular YAML files.
+  #
+  - 'node/%{::clientcert}'
+  - 'domain/%{::domain}'
+  - 'role/%{::role}'
   - 'location/%{::location}'
   - 'virtual/%{::virtual}'
-  - 'role/%{::role}'
   - bootstrap
   - common
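Review bot: The new `secrets/...` levels at the top of `:hierarchy:` resolve from the same `:datadir: hiera` as every other level, and nothing in this hunk configures an encrypting backend, so files placed there are plaintext YAML unless the `:backends:` section outside the hunk says otherwise. The added comment only recommends encryption; I would state the requirement outright, e.g. `# Files under secrets/ must be encrypted (for instance with hiera-eyaml) or kept out of the shared repository.` Separately, the reordering changes lookup precedence: `domain/%{::domain}` now wins over `role/%{::role}` and `location/%{::location}`, whereas the domain-wide file used to be the lowest of the four domain-scoped levels and plain `role` sat below `virtual`. If that is intended, it deserves a line in the commit message, since existing data files under the old `domain/<domain>/role` and `domain/<domain>/location` paths will presumably stop matching without any error. The top of the file is outside the hunk, so the backend list could not be checked.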