

Hiera is a configuration data store with pluggable back ends. hiera-gpg is a back end for Hiera that supports GPG-encrypted YAML files.


Hiera is often used by configuration management systems such as Puppet, with all the configuration stored in a VCS. Often you want to store sensitive information such as database root passwords in the same place as the rest of your configuration so Puppet can read it. hiera-gpg allows you to place your YAML in a GPG-encrypted file which can be read by Hiera on the command line or via Puppet on any machine that has a valid secret key.


Here is a sample hiera.yaml file that will work with gpg:

    :backends:
      - gpg

    :logger: console

    :hierarchy:
      - "%{env}"
      - common

    # Back-end settings are nested under the back end's own key
    :gpg:
      :datadir: /etc/puppet/hieradata

      # Optional, defaults to ~/.gnupg
      :homedir: "/etc/puppet/gpg"


The back end currently just shells out to the GPG command (/usr/bin/env gpg) - I would like to implement this without shelling out, perhaps by using the gpgme API. Perhaps someone would care to fork it and look at doing that :)
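The shell-out described above can be done without passing the file name through a shell. The following is an added example, not hiera-gpg's own code: the helper names (`gpg_decrypt_argv`, `load_gpg_yaml`, `default_runner`) are hypothetical, and it assumes `gpg` is on the PATH and the keyring lives in the configured homedir.

```ruby
require "open3"
require "yaml"

# Hypothetical helpers for illustration; not part of hiera-gpg.
GPG_BIN = "gpg"

# Build the argument vector for a non-interactive decrypt.
# The path is made absolute so it can never be parsed as an option.
def gpg_decrypt_argv(homedir, path)
  [GPG_BIN, "--homedir", homedir, "--batch", "--no-tty", "--quiet",
   "--decrypt", File.expand_path(path)]
end

# Runs gpg with an argument array, so no shell ever sees the file name.
def default_runner
  lambda do |argv|
    out, err, status = Open3.capture3(*argv)
    [out, err, status.success?]
  end
end

# Decrypt a GPG-encrypted YAML file and return its data as a Hash.
# The runner is injectable so the logic can be exercised without a keyring.
def load_gpg_yaml(path, homedir: File.join(Dir.home, ".gnupg"), runner: default_runner)
  out, err, ok = runner.call(gpg_decrypt_argv(homedir, path))
  # Fail closed: a missing secret key must not look like an empty data file.
  raise "gpg failed for #{path}: #{err.strip}" unless ok

  # safe_load refuses arbitrary object tags in the decrypted document.
  data = YAML.safe_load(out)
  raise "#{path}: expected a YAML mapping" unless data.is_a?(Hash)
  data
end

# Stand-alone use: ruby example.rb <file.gpg> <homedir>
# Prints only the key names, never the decrypted values.
if __FILE__ == $PROGRAM_NAME && ARGV.size == 2
  puts load_gpg_yaml(ARGV[0], homedir: ARGV[1]).keys
end
```
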