Encrypting a value in Hiera/Puppet

Question

I have a question about encrypting a value in Hiera/Puppet that I am hoping that someone would be able to help me with it. The command that I am trying to run is: /opt/puppetlabs/puppet/bin/eyaml encrypt -l 'insert key to be encrypted here' -s 'insert value to be encrypted here' --pkcs7-private-key=/etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem --pkcs7-public-key=/etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem I think the Key should be something like cloudflare-dns-example@example.com but I am unsure where I should find the value? Or if the two need to be the other way around? Any help on this would be greatly appreciated, Thank you.

I have tried searching for results online to help me with this, but so far been unsuccessful with finding an answer to this.

Answer 1

Try this documentation https://github.com/voxpupuli/hiera-eyaml, that's the repo for the Gem that Puppet uses and what I use every time I need to setup eyaml. You need to create the public/private key pair using eyaml createkeys which I presume you've done, and stored them in /etc/puppetlabs/puppet/eyaml/ with permissions that Puppet can access them. You need to add those paths to the hiera.yaml file so Hiera knows where to find them. Take the string you want to encrypt and encrypt it eyaml encrypt -s 'hello there', I'm pretty sure you need to be in the /etc/puppetlabs/puppet/eyaml/ when you run that or the Hiera Gem won't find the keys. Then put the ENC[PKCS7,########] into your Hiera data.

Also, it's really helpful if you can paste the error message.