Jerakia Release Notes 2.x


  • Now available for more platforms on pkgr including RHEL6
  • Feature: Added consul datasource link
  • Feature: API now returns an additional field of found, this is useful for diferentiating between a value that is not found and a value that is explicitly set to null. link
  • Feature: Added dig output handler for returning subsets of returned data link
  • Feature: Added lookup_key flag to the HTTP datasource link
  • Bugfix: Datasource arguments were not processing defaults correctly, this is now fixed link
  • Bugfix: Docker image build failing with missing gem dependency, fixed. link


  • Feature: API now supports optional data encoding type of messagepack. The default behaviour is still JSON as with previous versions, but now if you specify a content type of application/x-msgpack (and encode your payload with msgpack) then Jerakia will return responses in msgpack instead of JSON. This has some small performance gains but also solves an issue with JSON encoding integer hash keys as strings ( This is currently an opt-in change, however we aim to make msgpack the default serialization format for Jerakia 3. Thanks to @hhenkel for the contribution (

  • Enhancement: Better error reporting and softer handling of situations where there is no logfile. Jerakia will no longer cause an exception to be thrown if the logfile cannot be opened, instead it will direct logs to STDOUT with a warning to the user, and continue executing. The previous behaviour was frustrating, especially when using the rubygem installation method that doesn’t set up all the scaffolding for you. Other errors such as failure to open the database files are also better reported and more understandable. Any Jerakia::Error thrown on the CLI is now captured and reported back in an easier to understand way


  • Enhancement: Added --bind, --port and --token_ttl options to jerakia server to override these values from the CLI


  • New feature: config CLI option to display current runtime configuration
  • Fix: Better descrption of –verbose and –debug for server CLI options
  • Fix: plugindir default of /var/lib/jerakia/plugins added
  • Fix: More meaningful error message when a policy is not found, now throws a proper Jerakia::PolicyError exception


  • Tighter permissions on logfile and configuration file when installing with system packages (
  • Bugfix: An issue in 2.0.0 meant that if you use stop with a confine or exclude statement in a lookup, that the lookup never actually gets invoked (
  • Fixed issues installing on Debian using apt (
  • Fixed HTTP datasource to be compatible with the new datasource API (
  • Fixed validation of datasource parameters when nil and not mandatory


The main additions for 2.0 are the introduction of encryption as a first class citizen and integration with the transit secret backend for vault to provide encryption. We’ve also changed the API for datasources to make them easier to write.


2.0 removes some features, particularly around Puppet integration that are now available as a third party plugin rather than shipped in Jerakia core.


  • Introduced encryption as a first class citizen to Jerakia
  • Encryption services are now pluggable with the default being Vault transit
  • The output provider :encryption now uses whichever encryption provider has been configured
  • API changes to data sources to make them more understandable
  • Lookups can now be accepted without a key or a namespace, this is paving the way for data sources that can potentially be keyless - eg: return all data in one query.
  • The legacy Puppet data binding terminus and Hiera 3.x backend have been removed from core but are still available with the jerakia-puppet rubygem.
  • Integration with Puppet 4.9+ is now via a Hiera 5 data provider function in the crayfishx/jerakia Puppet module