Comments (10)
Hi @justicel - can you provide more details including the versions of ruby and the contents of your hiera.yaml configuration file?
Thanks,
Simon
from hiera-eyaml.
Using the ubuntu precise version of ruby: 1.9.3p0 (ughh, but it works).
Contents of the configuration file:
---
:backends:
  - yaml
  - eyaml
:logger: console
:hierarchy:
  - "%{environment/%{calling_class}"
  - "%{environment}"
  - common
:yaml:
  :datadir: /etc/puppet/hieradata
That's enough to break it. I can also add the :eyaml configuration entries with key-file information and it doesn't change the error.
from hiera-eyaml.
And what does the 'secrets' key look like in your common.yaml / common.eyaml file?
from hiera-eyaml.
I use a block encode, so here's a bit off the top of the file:
ENC[PKCS7,MIIanQYJKoZIhvcNAQcDoIIajjCCGooCAQAxggEhMIIBHQIBADAFMAACAQAw
DQYJKoZIhvcNAQEBBQAEggEAkVTC18ceU2wPntcjmfuNA0NmfnRJzg/JENVp
FM7U04F0etknhlE61oS59hcupRITWHtg6iV87iOIiIdJ98nw6MRUStXWpA7w
wMDzItime+OsjbdteEZFRZUMEvkt/jTHmTEs8Y1npLlhIrxsSkQMMr0f0+i7
HsnkTGrXZfhyLPoQvRSPckLquVkhxlgEmyYY7hZv10D3aXpwD64v1JS6xvoP
J5Oe0vVWu26lym+Hoq0F8k9kswtgdO+l0VYrUyZY18HMeM68Otb6rcRb+bnG
And decoded here is some data:
---
secrets:
  check-ins:
    staging:
      fog:
from hiera-eyaml.
OK. I'm afraid I'm still not quite sure what your eyaml file looks like, but I get the impression that it is all encrypted? It should read like a normal YAML file but with only value sections of it encrypted. i.e.
---
secrets:
  check-ins:
    staging:
      fog: ENC[PKCS7,<encrypted value for secrets['check-ins']['staging']['fog']>]
The YAML parsing is done before any decryption is carried out, so the file must be valid YAML. Does that make sense? Have a look at the example encrypted file in the Hiera section of the readme: https://github.com/TomPoulton/hiera-eyaml#hiera
from hiera-eyaml.
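A check for the file layout described in the comment above, as an added example that is not part of the thread or of the hiera-eyaml code base. It parses the file as YAML first, then reports whether the whole document is a single `ENC[...]` scalar or a mapping with per-value encryption; `audit_eyaml`, `ENC_TOKEN` and the sample payloads are constructed for illustration.

```ruby
require 'yaml'

# One eyaml token: ENC[<method>,<base64 payload>]. Whitespace is allowed in
# the payload because block-style values wrap across lines.
ENC_TOKEN = /\AENC\[(\w+),[A-Za-z0-9+\/=\s]+\]\z/

# Constructed samples; the payloads are placeholders, not real ciphertext.
WHOLE_FILE = "ENC[PKCS7,Q09OU1RSVUNURUQx\nQ09OU1RSVUNURUQy]\n"
PER_VALUE = <<~EYAML
  ---
  secrets:
    check-ins:
      staging:
        fog: ENC[PKCS7,Q09OU1RSVUNURUQ=]
        region: eu-west-1
EYAML

# YAML is parsed before any decryption, so the top level must be a mapping
# and only leaf values may carry ENC[...] tokens.
def audit_eyaml(text)
  begin
    doc = YAML.safe_load(text)
  rescue Psych::SyntaxError => e
    return { layout: :invalid_yaml, error: e.message }
  end
  # A fully encrypted file parses as one long plain scalar, not a mapping.
  if doc.is_a?(String) && doc.strip.match?(ENC_TOKEN)
    return { layout: :whole_file_encrypted }
  end
  return { layout: :not_a_mapping } unless doc.is_a?(Hash)

  encrypted, plaintext = [], []
  walk = lambda do |node, path|
    case node
    when Hash  then node.each { |k, v| walk.call(v, path + [k.to_s]) }
    when Array then node.each_with_index { |v, i| walk.call(v, path + [i.to_s]) }
    else
      is_enc = node.is_a?(String) && node.strip.match?(ENC_TOKEN)
      (is_enc ? encrypted : plaintext) << path.join('/')
    end
  end
  walk.call(doc, [])
  { layout: :per_value, encrypted: encrypted, plaintext: plaintext }
end
```

The `plaintext` list is the part worth reviewing before a commit: any secret that appears there was left unencrypted.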
I was under the impression that you could have a totally encrypted eyaml file? This was working okay before...
from hiera-eyaml.
Sorry @justicel - if it was working before, it was by accident rather than design. hiera-gpg provides whole file encryption, but the aim of hiera-eyaml was to only encrypt the parts that needed to be encrypted so that files make sense without having to decrypt them (and version control diffs make sense as well). The edit functionality makes this easy to manage without it becoming a burden.
I don't think there is a strong use case for entirely encrypted files, so personally I'd argue against fixing it so it works again.
Out of interest, do you know what combination of versions you were using when it worked?
from hiera-eyaml.
Unfortunately I don't. I'll try to figure it out. The reason I ended up encrypting the whole file was I couldn't figure out how to easily get specific fields to encrypt without a lot of editing trouble (this is a large secrets file).
from hiera-eyaml.
Experiment with the eyaml edit command (see https://github.com/TomPoulton/hiera-eyaml#editing-eyaml-files). This was built to make working with files with lots of small bits of encrypted text easy (and overcome the editing trouble that you mention).
Let us know if you think there are improvements that could be made to the edit mode.
from hiera-eyaml.
I'm going to close this as it's not a bug or a requirement
@justicel if your common.eyaml file is getting large and unwieldy you can always split it up into two and add them both into the hierarchy. We have a common.eyaml and a core.eyaml file, it makes it easier to manage, and the two files also contain slightly different sets of data so it makes it logically clearer as well
from hiera-eyaml.