Autosigning certificates

As your Puppet environment grows, manually signing certificates can become an issue. This is particularly true in cases where machines are being created automatically due to scaling, or because a cluster is expanding.

Puppet contains two primary methods to assist with this. They are basic autosign and policy-based autosign. In basic autosign, we give a list of hosts that we will sign certificates for. With policy-based autosign, we call an external script that allows us to determine whether a given certificate request is signed. We'll now cover these types of autosign methodologies and their potential use cases.

There exists a third type of autosign, which is used to simply tell the master to sign all certificates. It is ...

Get Learning Puppet Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.