Sensitive types in the Puppet language are strings marked as sensitive. The value is displayed in plain text in the catalog and manifest, but is redacted from logs and reports. Because the value is maintained as plain text, use it only as an aid to ensure that sensitive values are not inadvertently disclosed.
Sensitive type can be written
Sensitive.new(val), or the short form
Sensitivetype is parameterized, but the parameterized type (the type of the value it contains) only retains the basic type. Sensitive information about the length or details about the contained data value can otherwise be leaked.
It is therefore not possible to have detailed data types and expect that the data
type match. For example,
green]] fails if a value of
Sensitive('red') is given. When a sensitive type is used, the
type parameter must be generic; in this example a
Sensitive[String] instead would match
The example manifest would log the following notice:
$secret = Sensitive('myPassword') notice($secret)
To gain access to the original data, use the
Notice: Scope(Class[main]): Sensitive [value redacted]
$secret = Sensitive('myPassword') $processed = $secret.unwrap notice $processed
unwrap only as an aid for logs and reports. The data is not