Make the following settings in hiera.yaml to enable the hiera-eyaml backend, and provide access to the keys and data files:
- Set the lookup_key property to the value eyaml_lookup_key in order to use the new eyaml backend
- Add the locations of the encryption keys to the options hash
- Change all the file paths to eyaml rather than YAML file extensions:
--- version: 5 hierarchy: - name: "Encrypted and regular data" lookup_key: eyaml_lookup_key paths: - “nodes/%{trusted.certname}.eyaml” - “%{facts.application}.eyaml” - “%{server_facts.environment}.eyaml” - “%{facts.datacenter}.eyaml” - "common.eyaml" options: pkcs7_private_key: /etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem pkcs7_public_key: /etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem ...