Puppet users - Feb 2014 - Creating new eyaml entries when private key is not available

Our plan for eyaml is that operations owns and protects the private key. 
 So developers only have access to the public key and after creating new 
encrypted values cannot decrypt them. Unless I'm missing something, 
developers won't be able to use 'eyaml edit' because it requires the
private key. As far as I can tell, the workflow in developer space is...
> eyaml -s [string you want encrypted]
Then paste the ENC[] text into the .eyaml file and save it back to the git 
repo.

That's a reasonably tight workflow, I'm just wondering if I missed a
better
one.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/cc11484e-2def-40ad-9dd4-4b8c2ac528e2%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.