Request: eyaml and/or PGP support
glisignoli opened this issue · 0 comments
Is have eyaml or GPG support something that should/could be added to this backend? I don't see a generic hiera function that could be used for decrypting paramaters brought from a custom backend.
I figure there is already transport security with SSL/TLS but having secrets encrypted in the lookup location would add an extra layer of security.
Allowing administrators to store encrypted variables in a http based backed, and allowing hiera-http to decrypt these variables before passing them to hiere would solve keeping plain text secrets in the lookup location and not require a separate hiera-http backend to be used.
I'm interested if this is the right place to impliment this feature, or if a better solution already exists.