Puppet Integration
The Secrets Safe module consists of a number of plugins that allow creation and retrieval of secrets in DevOps Secrets Safe.
Prerequisites
The functions in this module require an application with permissions to perform read and write actions on the resources you interact with.
Usage
Ensure a user exists with a password retrieved from DevOps Secrets Safe, using the format shown here, where bob is the user:
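# Fetch bob's password from DSS during catalog compilation
$user_password = dss_get_secret('https://my-secrets-safe.com', 'user/passwords:bob', "my_application", "my_api_key")

# Wrap the value in Sensitive so it is redacted from logs and reports
user { 'bob':
  ensure   => present,
  password => Sensitive($user_password),
}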
Use a DSS generator to generate a password, and then provision a Postgres database using it:
class { 'postgresql::server': }

# Create the secret from the named DSS generator, then read it back
dss_create_secret_with_generator('https://my-secrets-safe.com', 'passwords/db/pg_user', "my_application", "my_api_key", "postgres-password-generator")
$pg_pass = dss_get_secret('https://my-secrets-safe.com', 'passwords/db/pg_user', "my_application", "my_api_key")

postgresql::server::db { 'new_postgres':
  user     => 'pg_user',
  password => postgresql::postgresql_password('pg_user', $pg_pass),
}
Save a certificate that is on the file system as a secret in DSS:
dss_create_secret_with_file('https://my-secrets-safe.com', 'certs:mycert', "my_application", "my_api_key", "//etc/ssl/certs/ca.crt")
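The first usage pattern above can be wrapped in a class so that the API key arrives as a Sensitive parameter instead of a literal in the manifest. This is an added example, not part of the original module documentation; the class name, the parameter names and the HTTPS check on the host (which assumes the URL form used in the usage examples) are assumptions.

```puppet
# Added example: hypothetical profile class, not shipped with the Secrets Safe module.
class profile::dss_managed_user (
  # Assumption: host is given as a URL, as in the usage examples; require TLS
  # so the API key and the secret are not sent in clear text.
  Pattern[/\Ahttps:\/\/\S+\z/] $dss_host,
  String[1]                    $dss_app_name,
  # Supply the key from encrypted data (for example Hiera) rather than a literal.
  Sensitive[String[1]]         $dss_api_key,
  String[1]                    $user_name = 'bob',
) {
  # Secret URI layout follows the usage example: user/passwords:<user>
  $secret_uri = "user/passwords:${user_name}"

  # The DSS functions document api_key as a plain String, so unwrap only at
  # the call site and re-wrap the returned value immediately.
  $user_password = Sensitive(
    dss_get_secret($dss_host, $secret_uri, $dss_app_name, $dss_api_key.unwrap)
  )

  # A Sensitive password is redacted in agent logs and reports.
  user { $user_name:
    ensure   => present,
    password => $user_password,
  }
}
```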
Functions
The following functions share some common parameters:
Parameter | Data type | Description
host | String | Hostname or IP address of DevOps Secrets Safe instance
app_name | String | Name of DSS application used to perform this action
api_key | String | API key of the DSS application specified in the app_name parameter
secret_uri | String | URI of the secret being operated on
secret_value | String | String value of the secret to be stored
generator_name | String | Name of the DSS generator used to generate the value for this secret
file_name | String | Path to the file which is stored as a secret
Returns the value of a DevOps Secrets Safe secret found at secret_uri.
dss_get_secret(host, secret_uri, app_name, api_key)
Creates a secret at secret_uri using the value of secret_value.
dss_create_secret_with_value(host, secret_uri, app_name, api_key, secret_value)
Creates a secret at secret_uri using the DevOps Secrets Safe generator specified in generator_name.
dss_create_secret_with_generator(host, secret_uri, app_name, api_key, generator_name)
Creates a secret at secret_uri using the file at file_name as the value.
dss_create_secret_with_file(host, secret_uri, app_name, api_key, file_name)