Hi guys,
I am testing Hiera-Eyaml for encrypting the passwords for the users in our Cassandra databases.
Encrypting the passwords in the eyaml files and passing the Hiera data to the testing nodes works fine.
My module runs an exec statement, that basically performs an "alter user with password " in Cassandra, being the Eyaml encrypted string being passed from Hiera.
Problem arises when I run a "puppet agent -t --debug" from the agent nodes, as it shows the passwords in plain text... is there any way of preventing this master-side? I read about the show_diff metaparameter but it only applies to file resources.
Thanks.
↧