As your Puppet environment grows, manually signing certificates can become an issue. This is particularly true in cases where machines are being created automatically due to scaling, or because a cluster is expanding.
Puppet contains two primary methods to assist with this. They are basic autosign and policy-based autosign. In basic autosign, we give a list of hosts that we will sign certificates for. With policy-based autosign, we call an external script that allows us to determine whether a given certificate request is signed. We'll now cover these types of autosign methodologies and their potential use cases.
There exists a third type of autosign, which is used to simply tell the master to sign all certificates. It is ...