This module provides an AWS KMS plugin for Bolt. The plugin allows config values to be set from data encrypted with AWS KMS.
Puppetfile
mod 'puppetlabs-ruby_plugin_helper', '0.1.0'
mod 'martezr-bolt_aws_kms', git: 'https://github.com/martezr/bolt_aws_kms.git', ref: 'master'
Install the required modules
bolt puppetfile install
Install AWS KMS Gem
This plugin uses the aws-sdk-kms Ruby gem to interact with AWS KMS and decrypt the cyphertext. The gem must be installed before the plugin can be used.
/opt/puppetlabs/bolt/bin/gem install aws-sdk-kms
The resolve reference plugin can be used to load data from multiple files into a central bolt inventory file.
cyphertext
: The cypher text generated by AWS KMS that will be decrypted.
For example, to load user-specific credentials into the inventory file:
---
# inventory.yaml
version: 2
targets:
  - uri: linuxnode01.grt.local
    config:
      transport: ssh
      ssh:
        user: root
        private-key:
          key-data:
            _plugin: bolt_aws_kms
            cyphertext: 010202007813b82f8a8ef502385028350283503285023
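
A check that could accompany this setup, as an added example (not part of this module's code): the Ruby script below parses an inventory and reports targets whose password, sudo-password or key-data values are literal strings instead of a _plugin reference such as bolt_aws_kms. The sample inventory, host names and placeholder values are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample inventory: node-a uses a bolt_aws_kms reference,
# node-b embeds its secrets as literals. All values are placeholders.
SAMPLE_INVENTORY = <<~INVENTORY
  version: 2
  targets:
    - uri: node-a.example.test
      config:
        ssh:
          private-key:
            key-data:
              _plugin: bolt_aws_kms
              cyphertext: PLACEHOLDER_CYPHERTEXT
    - uri: node-b.example.test
      config:
        ssh:
          password: PLACEHOLDER_PASSWORD
          private-key:
            key-data: PLACEHOLDER_PRIVATE_KEY
INVENTORY

# Bolt transport options that carry secret material.
SECRET_KEYS = %w[password sudo-password key-data].freeze

# Walk a config hash and return the dotted paths of secret keys whose
# value is a literal rather than a plugin reference (a hash with `_plugin`).
def plaintext_secrets(node, path = [])
  return [] unless node.is_a?(Hash)
  node.flat_map do |key, value|
    here = path + [key]
    if SECRET_KEYS.include?(key) && !(value.is_a?(Hash) && value.key?('_plugin'))
      [here.join('.')]
    else
      plaintext_secrets(value, here)
    end
  end
end

# Return { target uri => [offending config paths] } for targets with findings.
def audit_inventory(yaml_text)
  inventory = YAML.safe_load(yaml_text) || {}
  Array(inventory['targets']).each_with_object({}) do |target, findings|
    hits = plaintext_secrets(target['config'])
    findings[target['uri']] = hits unless hits.empty?
  end
end

puts audit_inventory(SAMPLE_INVENTORY).inspect if __FILE__ == $PROGRAM_NAME
```

Any `_plugin` reference is treated as acceptable here, so values resolved by other Bolt plugins are not flagged either.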