As your Puppet Master is a tool that configures your systems, ensuring that it is secure is very important. Puppet can change any facet of the systems under management. Since it can cause great damage to systems as well as create numerous security issues if compromised, it is very important to ensure that your Puppet Master is properly secured. For instance, if your Puppet Master is compromised, it is easy to add a user to every system under management, add that user to sudoers, and reconfigure SSH to allow the user to log in.

Luckily, Puppet has a fairly secure, out-of-the-box configuration. However, as your environment grows and you use more advanced features, you'd want to review how to secure your Puppet environment. ...