Topics

Releasing a Vault / Puppet integration in the VP namespace

Lindsey Smith
 

Hi all,

One of the new capabilities in Puppet 6 is allowing agents to fetch data for themselves at catalog application time. A key use case for this is securely retrieving sensitive information like passwords from a secrets store. Hashicorp Vault is one of the most popular of these and we've started building an integration here: https://github.com/tvpartytonight/vault_lookup

Because we want to make community contribution easier we'd like this to live under the Vox Pupuli namespace on GitHub and the Forge. The module is still a work in progress but when it in a usable state we'd like to have it start life on the Forge in the puppet namespace.

Any concerns with this?

Lindsey

 

Hi Lindsey,

Is it planned that Puppet Inc. keeps working on it and provides support
for raised issues, even after the migration to us? Should the module
only support the new lookup function, or anything else related to Vault?
Some of us contributed to https://github.com/jsok/puppet-vault in the past.

Cheers, Tim

On 9/24/18 11:25 PM, Lindsey Smith wrote:
Hi all,

One of the new capabilities in Puppet 6 is allowing agents to fetch data
for themselves at catalog application time. A key use case for this is
securely retrieving sensitive information like passwords from a secrets
store. Hashicorp Vault is one of the most popular of these and we've
started building an integration here:
https://github.com/tvpartytonight/vault_lookup

Because we want to make community contribution easier we'd like this to
live under the Vox Pupuli namespace on GitHub and the Forge. The module is
still a work in progress but when it in a usable state we'd like to have it
start life on the Forge in the puppet namespace.

Any concerns with this?

Lindsey



Lindsey Smith
 



On Tue, Sep 25, 2018 at 11:38 AM Tim <tim@...> wrote:
Hi Lindsey,

Is it planned that Puppet Inc. keeps working on it and provides support
for raised issues, even after the migration to us? Should the module
only support the new lookup function, or anything else related to Vault?
Some of us contributed to https://github.com/jsok/puppet-vault in the past.

From the Puppet Inc perspective "support" has a very specific definition about what you are entitled to if you are a paying customer, so to answer your question we'd be maintainers in the typical open source project sense. 

Is the module for Lookup only? I think it should be focused on Deferred usage and growing its capabilities. I'm really glad that jsok/puppet-vault exists and maybe it makes sense later to merge them. Ideally both are full-featured and we don't intend for Deferred to compete with or replace Hiera. Which you choose depends entirely on your environment and use cases.

Lindsey

 

Cheers, Tim

On 9/24/18 11:25 PM, Lindsey Smith wrote:
> Hi all,
>
> One of the new capabilities in Puppet 6 is allowing agents to fetch data
> for themselves at catalog application time. A key use case for this is
> securely retrieving sensitive information like passwords from a secrets
> store. Hashicorp Vault is one of the most popular of these and we've
> started building an integration here:
> https://github.com/tvpartytonight/vault_lookup
>
> Because we want to make community contribution easier we'd like this to
> live under the Vox Pupuli namespace on GitHub and the Forge. The module is
> still a work in progress but when it in a usable state we'd like to have it
> start life on the Forge in the puppet namespace.
>
> Any concerns with this?
>
> Lindsey
>
>
>
>

Thomas Mueller <thomas@...>
 

On 09/24/2018 11:25 PM, Lindsey Smith wrote:
Hi all,

One of the new capabilities in Puppet 6 is allowing agents to fetch data for themselves at catalog application time. A key use case for this is securely retrieving sensitive information like passwords from a secrets store. Hashicorp Vault is one of the most popular of these and we've started building an integration here: https://github.com/tvpartytonight/vault_lookup

Because we want to make community contribution easier we'd like this to live under the Vox Pupuli namespace on GitHub and the Forge. The module is still a work in progress but when it in a usable state we'd like to have it start life on the Forge in the puppet namespace.

Any concerns with this?
+1 from me as long as you not just "throw over the fence". And according your other reply you will maintain it - very nice!

 - Thomas

 

Hi,


On 9/26/18 5:35 AM, Thomas Mueller wrote:
On 09/24/2018 11:25 PM, Lindsey Smith wrote:
Hi all,

One of the new capabilities in Puppet 6 is allowing agents to fetch
data for themselves at catalog application time. A key use case for
this is securely retrieving sensitive information like passwords from
a secrets store. Hashicorp Vault is one of the most popular of these
and we've started building an integration here:
https://github.com/tvpartytonight/vault_lookup

Because we want to make community contribution easier we'd like this
to live under the Vox Pupuli namespace on GitHub and the Forge. The
module is still a work in progress but when it in a usable state we'd
like to have it start life on the Forge in the puppet namespace.

Any concerns with this?
+1 from me as long as you not just "throw over the fence". And according
your other reply you will maintain it - very nice!
I'm fine with this as well

 - Thomas