From: Silvio Rhatto
Date: Sat, 26 Sep 2015 18:04:34 +0000 (-0300)
Subject: New hiera scheme for secrets storage
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=5a2de12fb6660a3d40e7548cf6f071f9b0ce170f;p=puppet-bootstrap.git

New hiera scheme for secrets storage
---

diff --git a/hiera/hiera.yaml b/hiera/hiera.yaml
index 96cfb87..7e541b1 100644
--- a/hiera/hiera.yaml
+++ b/hiera/hiera.yaml
@@ -10,12 +10,24 @@
 # See http://docs.vagrantup.com/v2/provisioning/puppet_apply.html
 :datadir: hiera
 :hierarchy:
- - 'domain/%{::domain}/node/%{::clientcert}'
- - 'domain/%{::domain}/role/%{::role}'
- - 'domain/%{::domain}/location/%{::location}'
- - 'domain/%{::domain}/%{::domain}'
+ #
+ # Put in the secrets folder all sensitive information that
+ # wont be spread into every system if you're using the Hydra Suite.
+ #
+ # We also recommend to leave only encrypted data in your hiera config.
+ #
+ - 'secrets/node/%{::clientcert}'
+ - 'secrets/domain/%{::domain}'
+ - 'secrets/role/%{::role}'
+ - 'secrets/location/%{::location}'
+
+ #
+ # All other stuff goes in regular YAML files.
+ #
+ - 'node/%{::clientcert}'
+ - 'domain/%{::domain}'
+ - 'role/%{::role}'
 - 'location/%{::location}'
 - 'virtual/%{::virtual}'
- - 'role/%{::role}'
 - bootstrap
 - common
diff --git a/hiera/domain/example.org/node/puppet-bootstrap.example.org.yaml b/hiera/node/puppet-bootstrap.example.org.yaml
similarity index 100%
rename from hiera/domain/example.org/node/puppet-bootstrap.example.org.yaml
rename to hiera/node/puppet-bootstrap.example.org.yaml
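Review bot: In the hiera/hiera.yaml hunk the new `secrets/...` levels are selected with `%{::clientcert}`, `%{::domain}`, `%{::role}` and `%{::location}`, which are facts reported by the node itself, so when catalogs are compiled on a master the node's own claims decide which secrets file is read for it. For the node level, prefer the certificate-verified name, `- 'secrets/node/%{trusted.certname}'` (assuming the Puppet/Hiera version in use supports trusted data in interpolation), and treat the role and location secrets as readable by any node that can report that role or location. The added comment recommends keeping only encrypted data, but the backend configuration lies outside this hunk, so it is not visible whether an encrypting backend such as hiera-eyaml is set up; if not, the files under `secrets/` are plain YAML. Separately, `domain/%{::domain}` now ranks above `role/%{::role}`, whereas the removed lines looked up the per-domain role file before the domain-wide one, so domain values will now shadow role values; worth confirming that this is intended.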