Controlling file permissions with Puppet without controlling content.

Sometimes, we want to control the permissions of a file in Puppet without worrying about the file contents.

As an example, we might need to deploy a private/public key pair. We don't want to place the keys in the git repo, so that the private key isn't exposed, but we still want to ensure the files have the correct permissions.

This might be old hat, but it wasn't obvious to me from the PuppetLabs documentation: if you don't specify a source or content attribute in a file resource, you can set permissions, owner, etc. without Puppet changing the contents of the file. For example, you could use something like:

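# No 'source' or 'content' attribute, so Puppet leaves the file's contents alone
# and only enforces ownership and mode.
file { '/tmp/private_key':
  ensure => present,
  owner  => 'root',
  group  => 'root',
  # Quoted: Puppet 4 and later require the mode to be a string.
  mode   => '0400',
}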
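
The same approach extended to a whole key pair, as an added example that is not from the original post: the defined type name `keypair_permissions` and the paths under `/etc/app/keys` are hypothetical. It goes beyond the single-file case above by covering the public key and the containing directory as well.

```puppet
# Added example; names and paths are hypothetical.
# Manages only ownership and mode of a key pair that is deployed out-of-band.
define keypair_permissions (
  String $private_key,
  String $public_key,
  String $owner = 'root',
  String $group = 'root',
) {
  # Neither resource sets 'content' or 'source', so Puppet never rewrites
  # the key material and never needs a copy of it in the repo.
  # Caveat: if the file is absent, 'ensure => file' creates an EMPTY file,
  # so the keys still have to be placed on the host by some other means.
  file { $private_key:
    ensure => file,
    owner  => $owner,
    group  => $group,
    mode   => '0400',   # readable by the owner only
  }

  file { $public_key:
    ensure => file,
    owner  => $owner,
    group  => $group,
    mode   => '0444',   # world-readable, not writable
  }
}

# The containing directory: only root may add or replace files in it.
file { '/etc/app/keys':
  ensure => directory,
  owner  => 'root',
  group  => 'root',
  mode   => '0755',
}

keypair_permissions { 'app signing key':
  private_key => '/etc/app/keys/signing.key',
  public_key  => '/etc/app/keys/signing.pub',
}
```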