puppet-crypt

This is a Puppet module to install and configure Crypt.

Configuration

---
classes:
  - crypt

crypt::crypt_version: "3.0.0"
crypt::server_url: "http://crypt"
crypt::remove_plist: true
crypt::package_source: "puppet:///modules/bigfiles/crypt/my_special_crypt.pkg"
crypt::payload_organization: "Example Organization"
crypt::crypt_files:
  - "/Library/Crypt/checkin"
  - "/Library/Crypt/FoundationPlist.py"
  - "/Library/LaunchDaemons/com.grahamgilbert.crypt.plist"
  - "/Library/Security/SecurityAgentPlugins/Crypt.bundle/Contents/MacOS/Crypt"
crypt::wait_for_user: false
crypt::force_install: false
crypt::output_path: "/var/root/crypt_output.plist"

The path to the install package on your Puppet server. Defaults to puppet:///modules/bigfiles/crypt/-${munkitools_version}.pkg, which means that the install package should be in the bigfiles module, in files/crypt, named to match the version.

By default this module will only manage Crypt on macOS devices that are either:

• Laptops
• Have Crypt managed by Munki

If you wish to install and configure it on all macOS devices, regardless of their state, set crypt::force_install to true.

There have been issues with installing and configuring Crypt's modifications to the Authorization database when there are no users configured on the system. To stop this happening, set crypt::wait_for_user to true (the default). Set this to false only if you know the risks involved.

Pass a list of files to watch for that if missing, will trigger an installation of the Crypt package via crypt::crypt_files. The defaults should be fine, unless the package has been modified.

Requirements

• apple_package
• client_stdlib
• macauthdb
• mac_facts
• mac_profiles_handler
• munki