
BlackBox: Safely Storing Secrets and Credentials in Git for Use by Puppet

Hosted By
Doug G. and 3 others

Details

How do you safely manage secrets such as passwords and SSL certificates via Puppet? "Blackbox" is a system that uses GnuPG to store secrets in encrypted form but deliver them "in the clear" to the Puppet clients that need them. This permits the safe storage of secrets in Git (or any SCCS) and their management with Puppet. Blackbox was created to solve this problem at StackExchange, Inc (home of StackOverflow and ServerFault) and was open sourced this month ( https://github.com/StackExchange/blackbox ). It is a relatively simple system based on GnuPG, Hiera and Puppet.

About the speaker:

Thomas A. Limoncelli is an internationally recognized author, speaker, and system administrator. His best known books include Time Management for System Administrators (O'Reilly) and The Practice of System and Network Administration (Addison-Wesley). He works in New York City at Stack Exchange, home of ServerFault.com and StackOverflow.com. Previously he’s worked at small and large companies including Google, Bell Labs / Lucent, and AT&T.

http://EverythingSysadmin.com is his blog. His new book, “The Practice of Cloud Administration” ships in October 2014.

PuppetNYC - New York Puppet Users Group
The Ladders
137 Varick St. 3rd Floor · New York, NY