NOTE This repo is archived. This is still available under the licensing terms, but is not being actively developed or updated any further. Please see DelineaXPM for active projects.
This Puppet module facilitates the consumption of secrets from Thycotic Secret Server (TSS).
To use Secret Server, you must first ensure that the corresponding Ruby SDK is available via the puppetserver gem installer.
# Install Secret Server SDK
puppetserver gem install tss-sdk
You must also use a supported OS. See limitations for a list of supported operating systems.
This module can be cloned directly into the modules/ folder for your environment. Rename the cloned folder to tss/ so that Puppet is able to compile the catalog and find the tss resource. You can validate this by running puppet module list to ensure Puppet recognizes it as a valid module.
Your TSS secret can be made available by initiating a single class:
class { 'tss': }
If you would like to return the secret's metadata in addition to the secret itself, you can set the dsv::metadata property to true. The default is false.
You can access your returned secret with the tss::secret property.
It is recommended that you use Hiera for configuration.
tss requires the following properties to be set:
- username — The client's username for authentication
- password — The client's password for authentication
- server_url — The fully qualified server URL
- secret_id — The id of the required secret.
An example:
# Example config in common.yaml
tss::username: definitelynotroot
tss::password: notrooteither
tss::server_url: https://mysecretserver.org
tss::secret_id: 1
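A check that could run over this Hiera data before it is committed, given here as an added example and not code from this module. The function name check_tss_hiera is hypothetical. It assumes that secret ids are positive integers and that the team encrypts Hiera values with hiera-eyaml, so a password not wrapped in ENC[...] is reported as clear text.

```ruby
require 'yaml'
require 'uri'

# Keys the README lists as required for the tss class.
REQUIRED_KEYS = %w[username password server_url secret_id].freeze

# Returns a list of problems found in Hiera data for the tss class.
# (Hypothetical helper, not part of the module or of tss-sdk.)
def check_tss_hiera(yaml_text)
  data = YAML.safe_load(yaml_text) || {}
  problems = []

  REQUIRED_KEYS.each do |key|
    value = data["tss::#{key}"]
    problems << "missing tss::#{key}" if value.nil? || value.to_s.strip.empty?
  end

  url = data['tss::server_url']
  if url
    begin
      uri = URI.parse(url.to_s)
      # Credentials are sent to this host, so require TLS and a host part.
      problems << 'tss::server_url is not https' unless uri.is_a?(URI::HTTPS) && uri.host
    rescue URI::InvalidURIError
      problems << 'tss::server_url is not a valid URL'
    end
  end

  # Assumption: secret ids are positive integers, as in the README example.
  id = data['tss::secret_id']
  problems << 'tss::secret_id is not a positive integer' if id && !(id.is_a?(Integer) && id.positive?)

  # Assumption: values are encrypted with hiera-eyaml, whose ciphertext
  # starts with "ENC[". Anything else is treated as stored in clear text.
  pw = data['tss::password']
  problems << 'tss::password is stored in clear text' if pw && !pw.to_s.start_with?('ENC[')

  problems
end

# Constructed sample input: the example values from the README above.
README_EXAMPLE = <<~YAML
  tss::username: definitelynotroot
  tss::password: notrooteither
  tss::server_url: https://mysecretserver.org
  tss::secret_id: 1
YAML

puts check_tss_hiera(README_EXAMPLE) if __FILE__ == $PROGRAM_NAME
```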
This module currently supports the following operating systems:
- Ubuntu 18.04
- CentOS 7