Skip to content

Instantly share code, notes, and snippets.

@logicminds
Last active May 7, 2020 16:59
Show Gist options
  • Save logicminds/20ed2cb74648d9b84f714955feec3095 to your computer and use it in GitHub Desktop.
Save logicminds/20ed2cb74648d9b84f714955feec3095 to your computer and use it in GitHub Desktop.
Puppet Sensitive datatype wrapped in a hash
class test(Hash $config){
file{'/tmp/test123.txt':
ensure => file,
content => Sensitive($config.to_yaml),
}
}
$jwt_token = Sensitive.new('doublesecret')
$config = {
general => {
loglevel => 'INFO'
},
jwt_token => {
secret => $jwt_token.unwrap,
validity => '7200',
}
}
class{'test': config => $config }
@logicminds
Copy link
Author

logicminds commented May 6, 2020

Notice on line 14 I use the unwrap function, which turns the jwt_token into clear text.

This results in

[root@pe-xl-core-0 /]# puppet apply test2.pp
Notice: Compiled catalog for pe-xl-core-0.puppet.vm in environment production in 0.02 seconds
Notice: /Stage[main]/Test/File[/tmp/test123.txt]/ensure: changed [redacted] to [redacted]
Notice: Applied catalog in 0.21 seconds
[root@pe-xl-core-0 /]# cat /tmp/test123.txt
---
general:
  loglevel: INFO
jwt_token:
  secret: doublesecret
  validity: '7200'

@logicminds
Copy link
Author

logicminds commented May 6, 2020

If I don't use unwrap() function the file displays the raw ruby object which is to be expected base we are wrapping the Sensitive as a Sensitive.

---
general:
  loglevel: INFO
jwt_token:
  secret: !ruby/object:Puppet::Pops::Types::PSensitiveType::Sensitive
    value: doublesecret
  validity: '7200'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment