Vault Background

Agent Side Lookups with HashiCorp Vault and Puppet 6

HashiCorp Vault and Puppet go together like chocolate and peanut butter: one is one of the most mature configuration management tools, the other is a leader in secrets management. But previously, if you wanted to use them in a Puppet-focused workflow, you had to do this from a top-down based model using Hiera: the Vault connections were only between the Puppet server and Vault, limiting the options you had in terms of authentication. The new Puppet 6 release comes with a new feature - deferred functions - that enable more authentication methods and new workflows when used with Vault for secrets management.


  • Peter Souter

    Peter Souter

    Technical Account Manager, HashiCorp
  • Chris Barker

    Chris Barker

    Senior Principal Integration Engineer, Puppet

Register For Live Webinar

Select an option
  • Heard of Vault
  • Read materials
  • Downloaded Vault Open Source
  • Used Vault Open Source (non-production)
  • Used Vault Open Source in production
  • Multiple users of Vault Open Source in production
  • Experience with Vault Enterprise

» Deferred functions in Puppet 6 unlocks new authentication methods and workflows

The release of Puppet 6 came with a new feature, deferred functions; functions that are agent-based rather than master based. This allows us much deeper leverage of Vault: instead of being locked into a more basic hiera hierarchy, we can use any authentication method available to us on the agent side, including leveraging the existing CA from the Puppet master with the Vault certificate backend.

In this webinar, Peter Souter will demonstrate how the new deferred function feature in Puppet 6 can be used to perform Vault lookups from an agent side and how this allows for new workflows for secrets management with Vault when using Puppet as a configuration management tool.

» Join us to learn:

  • How to configure the Vault cert backend with the Puppet CA certificates
  • Using the vault_lookup function to leverage the cert backend for authentication
  • Leveraging other auth methods for Vault lookups from a Puppet agent

Agenda (PDT)

  • 8:00 - 8:10 AM Introductions: Lin Ling (HashiCorp)
  • 8:10 - 8:45 AM Presentation
  • 8:45 - 8:55 AM Q&A
  • 8:55 - 9:00 AM Closing remarks and last call for questions

Everyone who registers for the webinar will receive a link to the webinar recording after post-processing (usually 1-2 days).

» View all of our upcoming webinars on our Events page.

Stay Informed

Subscribe to our monthly newsletter to get the latest news and product updates.

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now