• Quickstart Tutorial
• Basics
• Installing
• Configuring
• Understanding Hierarchical Lookups
• Jerakia Lookups
• Command line interface
• Lookups
• Using lookup plugins
• Hiera lookup plugin
• Writing custom lookup plugins
• Schemas
• Datasources
• File datasource
• Consul datasource
• HTTP datasource
• Dummy datasource
• Encrpytion
• Vault provider
• Output Filters
• strsub
• encryption
• dig
• Scope Handlers
• Integrating Jerakia
• Puppet
• Ansible
• Jerakia Server
• Usage
• Authentication tokens
• API documentation
• Contributing
• 30 second spin up!
• Commercial Support
• Release Notes

Encryption

From Jerakia 2.0.0, encryption is a built in feature. Jerakia has several features to decrypt and encrypt data that it achieves this by implementing a pluggable encryption provider that is configurable. When a working encryption provider is enabled and configured, you can use the encryption output filter to automatically detect encrypted data and decrypt it on the fly when performing lookups.

CLI Commands

The Jerakia CLI has a command called secret to perform encryption tasks on the command line. Until a provider is configured, there will be no sub commands available;

[[email protected] functions]# jerakia help secret
Commands:
  jerakia secret help [COMMAND]  # Describe subcommands or one specific subcommand

To enable encryption, you must specify a provider in /etc/jerakia/jerakia.yaml

The default provider that ships with Jerakia is vault

encryption:
  provider: vault

Now Jerakia will load the provider and it’s capabilities are advertised, so we can now see we have encrypt and decrypt commands available

# jerakia help secret
Commands:
  jerakia secret decrypt <encrypted value>  # Decrypt an encrypted value
  jerakia secret encrypt <string>           # Encrypt a plain text string
  jerakia secret help [COMMAND]             # Describe subcommands or one specific subcommand

In order to make use of this provider, you must configure the Vault provider.