Encryption

From Jerakia 2.0.0, encryption is a built in feature. Jerakia has several features to decrypt and encrypt data that it achieves this by implementing a pluggable encryption provider that is configurable. When a working encryption provider is enabled and configured, you can use the encryption output filter to automatically detect encrypted data and decrypt it on the fly when performing lookups.

CLI Commands

The Jerakia CLI has a command called secret to perform encryption tasks on the command line. Until a provider is configured, there will be no sub commands available;

[root@puppet functions]# jerakia help secret
Commands:
  jerakia secret help [COMMAND]  # Describe subcommands or one specific subcommand

To enable encryption, you must specify a provider in /etc/jerakia/jerakia.yaml

The default provider that ships with Jerakia is vault

encryption:
  provider: vault

Now Jerakia will load the provider and it’s capabilities are advertised, so we can now see we have encrypt and decrypt commands available

# jerakia help secret
Commands:
  jerakia secret decrypt <encrypted value>  # Decrypt an encrypted value
  jerakia secret encrypt <string>           # Encrypt a plain text string
  jerakia secret help [COMMAND]             # Describe subcommands or one specific subcommand

In order to make use of this provider, you must configure the Vault provider.