hiera.yaml

---
version: 5

defaults:
  datadir: modules/hieradata/data # Data in separated module, defined in Puppetfile
# datadir: hieradata              # Data in control-repo. Previous psick setting
# datadir: data                   # Data in control-repo. Default for puppetlabs/control-repo

hierarchy:
#  - name: "ServiceNow Hiera data"
#    data_hash: servicenow_cmdb_integration::getvar
#    options:
#      var: trusted.external.servicenow.hiera_data
  - name: "Eyaml hierarchy"
    lookup_key: eyaml_lookup_key # eyaml backend
    paths:
      - "nodes/%{trusted.certname}.yaml"
      - "role/%{::role}-%{::env}.yaml"
      - "role/%{::role}.yaml"
      - "zone/%{::zone}.yaml"
      - "common.yaml"
    options:
      pkcs7_private_key: /etc/puppetlabs/puppet/keys/private_key.pkcs7.pem
      pkcs7_public_key:  /etc/puppetlabs/puppet/keys/public_key.pkcs7.pem
# These Hiera eyaml keys are needed only when encrypted data is used.
# If needed the above keys have to be placed on every node that compiles catalogs:
# not only puppet servers, but also test servers, ci runners, local dev stations.
# Use the hierarchy to override encrypted keys with dummy clear text values, in order
# to limit the nodes where to copy keys.