6

I'm completely new to boxen (and puppet) and I want to prompt a user for a password during set up. I need to encrypt the input and add it to a config file.

I'll be using a template to generate the file, but getting the password is a little tricky since puppet wont write to console when executing code inside of a template.

I've considered doing this using a ruby or shell script to prompt the user and then store the password in an environment variable to use later in the template, but I don't know if this is the best or most secure way to do this.

Any suggestions? is there a "best practice" for doing this sort of thing with boxen/puppet?

Ben Glasser
  • 3,216
  • 3
  • 24
  • 41
  • 1
    I have a similar question over on the Boxen issue queue. No answer. Maybe you can add your voice there to see if we can get some guidance from the GitHub team - https://github.com/boxen/our-boxen/issues/570 – bryan kennedy May 10 '14 at 18:16
  • 1
    thanks for the heads up... I've added this comment to your thread, hopefully octocat can save us. – Ben Glasser May 13 '14 at 15:38

1 Answers1

0

You can use hiera and encrypt hiera data using the hiera-gpg or hiera-eyaml backend

Other option is to use facter with environment variables FACTER_MYPASSWORD or external facts under /etc/facter/facts.d

csanchez
  • 1,623
  • 11
  • 20