config/hiera.yaml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

---
version: 5
defaults:
  datadir: "config"
  data_hash: "yaml_data"
hierarchy:
  #
  # Put in the secrets folder all sensitive information that
  # wont be spread into every system if you"re using the Hydra Suite.
  #
  # We also recommend to leave only encrypted data in your hiera config.
  #
  - name: "encrypted secrets"
    path: "secrets/node/%{facts.fqdn}.yaml"
    lookup_key: eyaml_lookup_key
    options:
      # If using the pkcs7 encryptor (default)
      pkcs7_private_key: "%{settings::confdir}/keys/private_key.pkcs7.pem"
      pkcs7_public_key:  "%{settings::confdir}/keys/public_key.pkcs7.pem"

  - name: "regular secrets"
    paths:
      - "secrets/role/%{facts.role}.yaml"
      - "secrets/location/%{facts.location}.yaml"
      - "secrets/domain/%{facts.domain}.yaml"

  #
  # All other stuff goes in regular YAML files.
  #
  - name: "public"
    paths:
      - "node/%{facts.fqdn}.yaml"
      - "role/%{facts.role}.yaml"
      - "virtual/%{facts.virtual}.yaml"
      - "location/%{facts.location}.yaml"
      - "domain/%{facts.domain}.yaml"
      - "compiled.yaml"
      - "common.yaml"