Use secretbox to store randomly generated passwords

sdodson · sdodson · commit 91075d272dfa · 2014-11-24T09:32:50.000-05:00
Secretbox is a function that generates a random password on first call and then retrieves those values for subsequent calls. This works in both master and masterless environments. See: https://forge.puppetlabs.com/sdodson/secretbox
diff --git a/.fixtures.yml b/.fixtures.yml
@@ -2,6 +2,7 @@ fixtures:
   repositories:
     lokkit:        "git://github.com/rharrison10/puppet-lokkit.git"
     ntp:           "git://github.com/puppetlabs/puppetlabs-ntp.git"
+    secretbox:     "git://github.com/sdodson/puppet-secretbox.git"
     selinux_types: "git://github.com/blentz/puppet-selinux_types.git"
     stdlib:        "git://github.com/puppetlabs/puppetlabs-stdlib.git"
     sysctl:        "git://github.com/duritong/puppet-sysctl.git"
diff --git a/Modulefile b/Modulefile
@@ -13,3 +13,4 @@ dependency 'blentz/selinux_types', '>=0.1.0'
 dependency 'puppetlabs/haproxy', '>=0.4.1'
 dependency 'arioch/keepalived', '>=0.0.10'
 dependency 'duritong/sysctl', '>=0.0.6'
+dependency 'sdodson/secretbox', '>=0.1.2'
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -807,7 +807,7 @@
   $msgserver_cluster_members            = undef,
   $mcollective_cluster_members          = undef,
   $msgserver_password                   = 'changeme',
-  $msgserver_admin_password             = inline_template('<%= require "securerandom"; SecureRandom.base64 %>'),
+  $msgserver_admin_password             = secretbox('msgserver_admin_password',16,'base64'),
   $mcollective_user                     = 'mcollective',
   $mcollective_password                 = 'marionette',
   $mongodb_admin_user                   = 'admin',
@@ -825,7 +825,7 @@
   $mongodb_key                          = 'changeme',
   $openshift_user1                      = 'demo',
   $openshift_password1                  = 'changeme',
-  $conf_broker_auth_salt                = inline_template('<%= require "securerandom"; SecureRandom.base64 %>'),
+  $conf_broker_auth_salt                = secretbox('conf_broker_auth_salt',16,'base64'),
   $conf_broker_auth_private_key         = undef,
   $conf_broker_session_secret           = undef,
   $conf_broker_multi_haproxy_per_node   = false,
diff --git a/metadata.json b/metadata.json
@@ -59,6 +59,10 @@
         {
             "name": "duritong/sysctl",
             "version_requirement": ">=0.0.6"
+        },
+        {
+            "name": "sdodson/secretbox",
+            "version_requirement": ">=0.1.2"
         }
     ]
 }

Original file line number	Diff line number	Diff line change
`@@ -59,6 +59,10 @@`
`59`	`59`	`{`
`60`	`60`	`"name": "duritong/sysctl",`
`61`	`61`	`"version_requirement": ">=0.0.6"`
	`62`	`+ },`
	`63`	`+ {`
	`64`	`+ "name": "sdodson/secretbox",`
	`65`	`+ "version_requirement": ">=0.1.2"`
`62`	`66`	`}`
`63`	`67`	`]`
`64`	`68`	`}`