hiera-eyaml 2.1.0 → 3.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 021e11612889fd5f49208b233150bc0d131ede79
-  data.tar.gz: ae80275145e1170d559991ad329ae3bafb015ab2
+SHA256:
+  metadata.gz: 67081f4016df05d739c387a5565632e3af0afa51367b505f3552b6c008a47c93
+  data.tar.gz: 573dfd56dc711d1b4722a67fc42a558c50eb38f43d56d3fccb79fe0d21d2a766
 SHA512:
-  metadata.gz: 37a03638a582c4d88e4be20ed9c41157214c6bd1c3c8d6a061739cf131a394069a7f44504f1046315be471aad7b85cdf525b9b51ed50f92823c53593c7973887
-  data.tar.gz: 7efec4883b74f67cabf25848a0a34aae30de1426c5f5cd4d15ed80e1d24b20145976c7341bb28e22894a81f6e15a5d4c1cc964fd1902cfce986ff4253175138f
+  metadata.gz: 40e0c1fa73fe82f1b563580d0b4cdf26f402e1c9ee4d7c0b023ed9ad1941ced96f60dbb6e26fbefe3dce99a0b1c0e2816efbec09263b57c9ff5589d727353434
+  data.tar.gz: 86313762de24804bde617a78f865f3686e1d5ef0f011b4e5e786f0ec7401c9caac0702fb67ca332ab107b6f81dc0c674bea9ff268bab7f985c582a8ad21c0ad9

data/.github/workflows/release.yml

@@ -0,0 +1,24 @@
+name: Release
+
+on:
+  create:
+    ref_type: tag
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    if: github.repository == 'voxpupuli/hiera-eyaml'
+    env:
+      BUNDLE_WITHOUT: release
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install Ruby 2.7
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '2.7'
+      - name: Build gem
+        run: gem build *.gemspec
+      - name: Publish gem
+        run: gem push *.gem
+        env:
+          GEM_HOST_API_KEY: '${{ secrets.RUBYGEMS_AUTH_TOKEN }}'

data/.github/workflows/test.yml

@@ -0,0 +1,31 @@
+name: Test
+
+on:
+  - pull_request
+  - push
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - "2.5"
+          - "2.6"
+          - "2.7"
+    env:
+      BUNDLE_WITHOUT: release
+      PUPPET_VERSION: "~> 6.0"
+    name: Ruby ${{ matrix.ruby }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install expect
+        run: sudo apt-get install expect
+      - name: Install Ruby ${{ matrix.ruby }}
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: Run tests
+        run: bundle exec cucumber -f progress

data/.gitignore

@@ -9,3 +9,11 @@ tmp/
 .ruby-version
 .ruby-gemset
 Gemfile.lock
+.*.sw?
+vendor/
+.bundle/
+features/sandbox/puppet-hiera-merge/reports
+features/sandbox/puppet-hiera-merge/state
+features/sandbox/puppet/reports
+features/sandbox/puppet/state
+.vendor/

data/CHANGELOG.md

@@ -0,0 +1,185 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [v3.2.1](https://github.com/voxpupuli/hiera-eyaml/tree/v3.2.1) (2021-02-16)
+
+[Full Changelog](https://github.com/voxpupuli/hiera-eyaml/compare/v3.2.0...v3.2.1)
+
+**Fixed bugs:**
+
+- remove question mark from regex in encrypted? method [\#313](https://github.com/voxpupuli/hiera-eyaml/pull/313) ([mcka1n](https://github.com/mcka1n))
+- Fix block folding [\#307](https://github.com/voxpupuli/hiera-eyaml/pull/307) ([kenyon](https://github.com/kenyon))
+- add step-by-step how-to encrypting multiline values [\#304](https://github.com/voxpupuli/hiera-eyaml/pull/304) ([kBite](https://github.com/kBite))
+
+**Closed issues:**
+
+- eyaml edit should produce evenly folded blocks. [\#281](https://github.com/voxpupuli/hiera-eyaml/issues/281)
+- Support version 4 hiera config [\#213](https://github.com/voxpupuli/hiera-eyaml/issues/213)
+
+**Merged pull requests:**
+
+- migrate CI to github actions [\#315](https://github.com/voxpupuli/hiera-eyaml/pull/315) ([bastelfreak](https://github.com/bastelfreak))
+- gemspec: fix repo url / Drop Puppet 4/5 tests [\#311](https://github.com/voxpupuli/hiera-eyaml/pull/311) ([bastelfreak](https://github.com/bastelfreak))
+- Unpin highline [\#310](https://github.com/voxpupuli/hiera-eyaml/pull/310) ([lucywyman](https://github.com/lucywyman))
+
+## [v3.2.0](https://github.com/voxpupuli/hiera-eyaml/tree/v3.2.0) (2020-01-31)
+
+[Full Changelog](https://github.com/voxpupuli/hiera-eyaml/compare/v3.1.1...v3.2.0)
+
+**Implemented enhancements:**
+
+- Permit reading private key from environment variable [\#294](https://github.com/voxpupuli/hiera-eyaml/pull/294) ([nferch](https://github.com/nferch))
+
+**Fixed bugs:**
+
+- Version 3.1.0 does not clear the private/public key when options are changed [\#289](https://github.com/voxpupuli/hiera-eyaml/issues/289)
+
+**Merged pull requests:**
+
+- \(doc\) Correct order for config file precedence [\#295](https://github.com/voxpupuli/hiera-eyaml/pull/295) ([crayfishx](https://github.com/crayfishx))
+- \(maint\) Update Gemfile and README for Ruby 2.5/2.4 [\#293](https://github.com/voxpupuli/hiera-eyaml/pull/293) ([glennsarti](https://github.com/glennsarti))
+
+## [v3.1.1](https://github.com/voxpupuli/hiera-eyaml/tree/v3.1.1) (2019-11-12)
+
+[Full Changelog](https://github.com/voxpupuli/hiera-eyaml/compare/v3.1.0...v3.1.1)
+
+**Merged pull requests:**
+
+- Revert "Cache key strings." [\#290](https://github.com/voxpupuli/hiera-eyaml/pull/290) ([alexjfisher](https://github.com/alexjfisher))
+
+## [v3.1.0](https://github.com/voxpupuli/hiera-eyaml/tree/v3.1.0) (2019-11-11)
+
+[Full Changelog](https://github.com/voxpupuli/hiera-eyaml/compare/v3.0.0...v3.1.0)
+
+**Implemented enhancements:**
+
+- Should be able to `edit` a new file [\#84](https://github.com/voxpupuli/hiera-eyaml/issues/84)
+- Cache key strings. [\#191](https://github.com/voxpupuli/hiera-eyaml/pull/191) ([mkulke](https://github.com/mkulke))
+
+**Closed issues:**
+
+- Decryption errors should return error code. [\#282](https://github.com/voxpupuli/hiera-eyaml/issues/282)
+- Release a new version [\#271](https://github.com/voxpupuli/hiera-eyaml/issues/271)
+
+**Merged pull requests:**
+
+- \(docs\) Update README with reference to hiera-eyaml-vault [\#287](https://github.com/voxpupuli/hiera-eyaml/pull/287) ([crayfishx](https://github.com/crayfishx))
+- fix: don't handle cli exceptions early [\#283](https://github.com/voxpupuli/hiera-eyaml/pull/283) ([stuart-warren](https://github.com/stuart-warren))
+- Adding doc for Google KMS plugin [\#279](https://github.com/voxpupuli/hiera-eyaml/pull/279) ([craigwatson](https://github.com/craigwatson))
+- catch failed decryption and print a helpful message [\#144](https://github.com/voxpupuli/hiera-eyaml/pull/144) ([GeoffWilliams](https://github.com/GeoffWilliams))
+
+## [v3.0.0](https://github.com/voxpupuli/hiera-eyaml/tree/v3.0.0) (2019-01-17)
+
+[Full Changelog](https://github.com/voxpupuli/hiera-eyaml/compare/v2.1.0...v3.0.0)
+
+This is the first release after this project was migrated to Vox Pupuli.
+
+**Breaking changes:**
+
+- Upgrading trollop to optimist to remove deprecation warnings [\#268](https://github.com/voxpupuli/hiera-eyaml/pull/268) ([chadlyon](https://github.com/chadlyon))
+
+**Implemented enhancements:**
+
+- Don't use SHA1 for the digest [\#257](https://github.com/voxpupuli/hiera-eyaml/issues/257)
+- Update to make use of Backend.datasourcefiles\(\) [\#92](https://github.com/voxpupuli/hiera-eyaml/issues/92)
+- allow setting an individual keysize [\#227](https://github.com/voxpupuli/hiera-eyaml/pull/227) ([tuxmea](https://github.com/tuxmea))
+
+**Fixed bugs:**
+
+- on OSX, eyaml isn't expanding `~` into /Users/$USER [\#170](https://github.com/voxpupuli/hiera-eyaml/issues/170)
+- Performance bug: unnecessary double-decryption of blocks [\#182](https://github.com/voxpupuli/hiera-eyaml/pull/182) ([peculater](https://github.com/peculater))
+
+**Closed issues:**
+
+- PuppetDB gets base64 encoded string on exported ressources [\#273](https://github.com/voxpupuli/hiera-eyaml/issues/273)
+- DEPRECATION - trollop gem is deprecated, need to switch to optimist [\#267](https://github.com/voxpupuli/hiera-eyaml/issues/267)
+- Puppet can't find key on server [\#266](https://github.com/voxpupuli/hiera-eyaml/issues/266)
+- Re-encryption is broken [\#258](https://github.com/voxpupuli/hiera-eyaml/issues/258)
+- AWS KMS/IAM integration? [\#234](https://github.com/voxpupuli/hiera-eyaml/issues/234)
+- Feature Request: Ability to use edit without the private key [\#231](https://github.com/voxpupuli/hiera-eyaml/issues/231)
+- Not decrypting/working with puppetserver 2.7.2 \(Function lookup\(\) did not find a value for the name\) [\#228](https://github.com/voxpupuli/hiera-eyaml/issues/228)
+- Allow stronger than 2048 bit keys [\#226](https://github.com/voxpupuli/hiera-eyaml/issues/226)
+- failed: DataBinding 'hiera': No such file or directory - /var/lib/puppet/keys/private\_key.pkcs7.pem [\#225](https://github.com/voxpupuli/hiera-eyaml/issues/225)
+- Migrate to Vox Pupuli [\#224](https://github.com/voxpupuli/hiera-eyaml/issues/224)
+- Allow to `decrypt` while keeping the "DEC::..." [\#217](https://github.com/voxpupuli/hiera-eyaml/issues/217)
+- secret in the logs [\#216](https://github.com/voxpupuli/hiera-eyaml/issues/216)
+- eyaml produces base64 string for complex data [\#209](https://github.com/voxpupuli/hiera-eyaml/issues/209)
+- Hiera-eyaml cannot decrypt with key, plain gpg works [\#206](https://github.com/voxpupuli/hiera-eyaml/issues/206)
+- Unable to decrypt on remote nodes [\#202](https://github.com/voxpupuli/hiera-eyaml/issues/202)
+- Backend not found in tests [\#200](https://github.com/voxpupuli/hiera-eyaml/issues/200)
+- ArgumentError [\#193](https://github.com/voxpupuli/hiera-eyaml/issues/193)
+- High CPU consumption  [\#192](https://github.com/voxpupuli/hiera-eyaml/issues/192)
+- hiera call from manifeast not able to locate key [\#174](https://github.com/voxpupuli/hiera-eyaml/issues/174)
+- PE 3.8  - sporadically failing to load eyaml backend. [\#173](https://github.com/voxpupuli/hiera-eyaml/issues/173)
+- eyaml and templates [\#171](https://github.com/voxpupuli/hiera-eyaml/issues/171)
+- cucumber failures with puppet 3.7.5 [\#154](https://github.com/voxpupuli/hiera-eyaml/issues/154)
+- issue with jruby under PE 3.7 [\#150](https://github.com/voxpupuli/hiera-eyaml/issues/150)
+- hiera eyaml does not work on PE 3.7.2 [\#126](https://github.com/voxpupuli/hiera-eyaml/issues/126)
+- invalid byte sequence in UTF-8 on encrypted binary [\#124](https://github.com/voxpupuli/hiera-eyaml/issues/124)
+- having an issue when loding hiera-eyaml [\#117](https://github.com/voxpupuli/hiera-eyaml/issues/117)
+- Puppet hiera\(\): Cannot load backend eyaml: no such file to load [\#115](https://github.com/voxpupuli/hiera-eyaml/issues/115)
+- Public/private keys undefined for Vagrant [\#101](https://github.com/voxpupuli/hiera-eyaml/issues/101)
+- bug in hiera 1.3.2-1 vs rubygem-hiera 1.3.2-1 [\#85](https://github.com/voxpupuli/hiera-eyaml/issues/85)
+- Errors of yaml and no eyaml files exist. Fine if just eyaml files exist. [\#82](https://github.com/voxpupuli/hiera-eyaml/issues/82)
+
+**Merged pull requests:**
+
+- Use UTF-8 as the encoding for plain text data [\#274](https://github.com/voxpupuli/hiera-eyaml/pull/274) ([jarretlavallee](https://github.com/jarretlavallee))
+- Fix regem.sh shebang, it does not need bash [\#265](https://github.com/voxpupuli/hiera-eyaml/pull/265) ([AMDmi3](https://github.com/AMDmi3))
+- Allow selection of digest, default to SHA256 [\#261](https://github.com/voxpupuli/hiera-eyaml/pull/261) ([juniorsysadmin](https://github.com/juniorsysadmin))
+- expand README on whole-file encryption usage [\#260](https://github.com/voxpupuli/hiera-eyaml/pull/260) ([jflorian](https://github.com/jflorian))
+- Add encrypt-only flag for 'edit' command. [\#256](https://github.com/voxpupuli/hiera-eyaml/pull/256) ([benjunmun](https://github.com/benjunmun))
+- Test only with current Puppet and Ruby combination [\#254](https://github.com/voxpupuli/hiera-eyaml/pull/254) ([vinzent](https://github.com/vinzent))
+- Update \#{self.prefix} to match yamllint rules [\#248](https://github.com/voxpupuli/hiera-eyaml/pull/248) ([jordanconway](https://github.com/jordanconway))
+- Fix badge, link to AWS KMS/IAM integration [\#245](https://github.com/voxpupuli/hiera-eyaml/pull/245) ([rnelson0](https://github.com/rnelson0))
+- Remove tildes that don't expand from configuration examples [\#242](https://github.com/voxpupuli/hiera-eyaml/pull/242) ([rnelson0](https://github.com/rnelson0))
+- Disable deprecation warnings [\#241](https://github.com/voxpupuli/hiera-eyaml/pull/241) ([rnelson0](https://github.com/rnelson0))
+- Add a cache for decrypted values [\#240](https://github.com/voxpupuli/hiera-eyaml/pull/240) ([stlava](https://github.com/stlava))
+- Suppressing logging of configuration files on init [\#237](https://github.com/voxpupuli/hiera-eyaml/pull/237) ([sigv](https://github.com/sigv))
+- Update the keys' example directory [\#236](https://github.com/voxpupuli/hiera-eyaml/pull/236) ([sigv](https://github.com/sigv))
+- Modify edit command to not recrypt unchanged values [\#233](https://github.com/voxpupuli/hiera-eyaml/pull/233) ([ccojocar](https://github.com/ccojocar))
+- Modify recrypt command to allow recrypting file with different encryp… [\#232](https://github.com/voxpupuli/hiera-eyaml/pull/232) ([ccojocar](https://github.com/ccojocar))
+- \(docs\) Update README with instructions for using Hiera 5 [\#229](https://github.com/voxpupuli/hiera-eyaml/pull/229) ([nfagerlund](https://github.com/nfagerlund))
+- Attempt to resolve Travis CI issues [\#220](https://github.com/voxpupuli/hiera-eyaml/pull/220) ([rnelson0](https://github.com/rnelson0))
+- Make it clear that the ID and parens must be deleted, not just the ID [\#188](https://github.com/voxpupuli/hiera-eyaml/pull/188) ([sdotz](https://github.com/sdotz))
+- Refactor highline import [\#187](https://github.com/voxpupuli/hiera-eyaml/pull/187) ([petems](https://github.com/petems))
+- Adding hiera-eyaml-kms plugin to readme file [\#184](https://github.com/voxpupuli/hiera-eyaml/pull/184) ([adenot](https://github.com/adenot))
+- Make output of `eyaml decrypt` valid yaml with multiline values. [\#183](https://github.com/voxpupuli/hiera-eyaml/pull/183) ([peculater](https://github.com/peculater))
+- Add testing support for puppet 4 [\#181](https://github.com/voxpupuli/hiera-eyaml/pull/181) ([peculater](https://github.com/peculater))
+
+## v2.1.0 (2016-03-02)
+
+ - (#187) - Change the way third party highline library is imported to avoid memory leak when running under puppet server (@petems)
+ - (#181) - Improve test suite to run against a variety of puppet versions (@peculater)
+
+## v2.0.8 (2015-04-15)
+
+ - (#149) - Fix to tempfile permissions and invalid editor scenario (@elyscape)
+
+## v2.0.7 (2015-03-04)
+
+ - (#142) - Fixed highline dependency to exclude newer versions that are not compatible with ruby 1.8.7 (@elyscape)
+ - (#136) - \t and \r characters are now supported in encrypted blocks (@elyscape)
+ - (#138) - Added missing tags and new tagging tool (@elyscape)
+
+## v2.0.6 (2014-12-13)
+
+ - (#131) - Fix another EDITOR bug (#130) that could erase command line flags to the specified editor (@elyscape)
+
+## v2.0.5 (2014-12-11)
+
+ - (#128) - Fix a bug (#127) that caused `eyaml edit` to break when `$EDITOR` was a command on PATH rather than a path to a command (@elyscape)
+
+## v2.0.4 (2014-11-24)
+
+ - Add change log
+ - (#118) - Some initial support for spaces in filenames (primarily targeted at windows platforms) (@elyscape)
+ - (#114) - Add new config file resolution so that a system wide /etc/eyaml/config.yaml is processed first (@gtmtech)
+ - (#112) - Improve debugging options and colorise output (@gtmtech)
+ - (#102) - Extension of temp files should be yaml to help editors provide syntax highlighting (@ColinHebert)
+ - (#90), #121, #122 - Add preamble in edit mode to make it easier to remember how to edit (@sihil)
+ - (#96), #111, #116 - Various updates to docs
+
+
+\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*

data/Gemfile

@@ -7,12 +7,11 @@ group :development do
   gem "cucumber", '~> 1.1'
   gem "rspec-expectations", '~> 3.1.0'
   gem "hiera-eyaml-plaintext"
-  gem "puppet", ENV['PUPPET_VERSION'] || '~> 3.8'
+  gem "puppet", ENV['PUPPET_VERSION'] || '>= 7'
+  gem 'github_changelog_generator', :require => false, :git => 'https://github.com/voxpupuli/github-changelog-generator', :branch => 'voxpupuli_essential_fixes'
+  gem "activesupport"
 end
 
 group :test do
   gem "rake"
 end
-
-
-

data/{CHANGES.md → HISTORY.md}

@@ -1,30 +1,27 @@
-Change log for hiera-eyaml
-==========================
+## v2.1.0 (2016-03-02)
 
-2.0.8
------
+ - (#187) - Change the way third party highline library is imported to avoid memory leak when running under puppet server (@petems)
+ - (#181) - Improve test suite to run against a variety of puppet versions (@peculater)
+
+## v2.0.8 (2015-04-15)
 
  - (#149) - Fix to tempfile permissions and invalid editor scenario (@elyscape)
 
-2.0.7
------
+## v2.0.7 (2015-03-04)
 
  - (#142) - Fixed highline dependency to exclude newer versions that are not compatible with ruby 1.8.7 (@elyscape)
  - (#136) - \t and \r characters are now supported in encrypted blocks (@elyscape)
  - (#138) - Added missing tags and new tagging tool (@elyscape)
 
-2.0.6
------
+## v2.0.6 (2014-12-13)
 
  - (#131) - Fix another EDITOR bug (#130) that could erase command line flags to the specified editor (@elyscape)
 
-2.0.5
------
+## v2.0.5 (2014-12-11)
 
  - (#128) - Fix a bug (#127) that caused `eyaml edit` to break when `$EDITOR` was a command on PATH rather than a path to a command (@elyscape)
 
-2.0.4
------
+## v2.0.4 (2014-11-24)
 
  - Add change log
  - (#118) - Some initial support for spaces in filenames (primarily targeted at windows platforms) (@elyscape)
@@ -33,6 +30,3 @@ Change log for hiera-eyaml
  - (#102) - Extension of temp files should be yaml to help editors provide syntax highlighting (@ColinHebert)
  - (#90), #121, #122 - Add preamble in edit mode to make it easier to remember how to edit (@sihil)
  - (#96), #111, #116 - Various updates to docs
-
-2.0.3
------

data/README.md

@@ -1,18 +1,25 @@
 Hiera eyaml
 ===========
 
-[![Build Status](https://travis-ci.org/TomPoulton/hiera-eyaml.png?branch=master)](https://travis-ci.org/TomPoulton/hiera-eyaml)
+[![Build Status](https://travis-ci.org/voxpupuli/hiera-eyaml.png?branch=master)](https://travis-ci.org/voxpupuli/hiera-eyaml)
+[![Gem Version](https://img.shields.io/gem/v/hiera-eyaml.svg)](https://rubygems.org/gems/hiera-eyaml)
+[![Gem Downloads](https://img.shields.io/gem/dt/hiera-eyaml.svg)](https://rubygems.org/gems/hiera-eyaml)
 
-hiera-eyaml is a backend for Hiera that provides per-value encryption of sensitive data within yaml files 
+hiera-eyaml is a backend for Hiera that provides per-value encryption of sensitive data within yaml files
 to be used by Puppet.
 
-:new: *v2.0 - commandline tool syntax has changed, see below for details*
+-------------------------
+:new: **hiera-eyaml is now part of voxpupuli**
+
+hiera-eyaml has a new home https://github.com/voxpupuli/hiera-eyaml.
+
+Hopefully this will mean more frequent feature updates and bug fixes!
 
 Advantages over hiera-gpg
 -------------------------
 
-A few people found that [hiera-gpg](https://github.com/crayfishx/hiera-gpg) just wasn't cutting it for all use cases, 
-one of the best expressed frustrations was 
+A few people found that [hiera-gpg](https://github.com/crayfishx/hiera-gpg) just wasn't cutting it for all use cases,
+one of the best expressed frustrations was
 [written back in June 2013](http://slashdevslashrandom.wordpress.com/2013/06/03/my-griefs-with-hiera-gpg/). So
 [Tom created an initial version](http://themettlemonkey.wordpress.com/2013/07/15/hiera-eyaml-per-value-encrypted-backend-for-hiera-and-puppet/)
 and this was refined into an elegant solution over the following months.
@@ -21,14 +28,14 @@ Unlike `hiera-gpg`, `hiera-eyaml`:
 
  - only encrypts the values (which allows files to be swiftly reviewed without decryption)
  - encrypts the value of each key individually (this means that `git diff` is meaningful)
- - includes a command line tool for encrypting, decrypting, editing and rotating keys (makes it almost as 
+ - includes a command line tool for encrypting, decrypting, editing and rotating keys (makes it almost as
    easy as using clear text files)
- - uses basic asymmetric encryption (PKCS#7) by default (doesn't require any native libraries that need to 
+ - uses basic asymmetric encryption (PKCS#7) by default (doesn't require any native libraries that need to
    be compiled & allows users without the private key to encrypt values that the puppet master can decrypt)
- - has a pluggable encryption framework (e.g. GPG encryption ([hiera-eyaml-gpg](https://github.com/sihil/hiera-eyaml-gpg)) can be used 
+ - has a pluggable encryption framework (e.g. GPG encryption ([hiera-eyaml-gpg](https://github.com/sihil/hiera-eyaml-gpg)) can be used
    if you have the need for multiple keys and easier key rotation)
 
-The Hiera eyaml backend uses yaml formatted files with the .eyaml extension. The encrypted strings are prefixed with the encryption 
+The Hiera eyaml backend uses yaml formatted files with the .eyaml extension. The encrypted strings are prefixed with the encryption
 method, wrapped with ENC[] and placed in an eyaml file. You can mix your plain values in as well or separate them into different files.
 Encrypted values can occur within arrays, hashes, nested arrays and nested hashes.
 
@@ -75,17 +82,22 @@ This creates a public and private key with default names in the default location
 
 Since the point of using this module is to securely store sensitive information, it's important to store these keys securely.
 If using Hiera with Puppet, Your puppetmaster will need to access these keys to perform decryption when the puppet agent runs on a remote node.
-So for this reason, a suggested location might be to store them in `/etc/puppet/secure/keys` or `/var/lib/puppet/keys` depending on your setup.
+So for this reason, a suggested location might be to store them in `/etc/puppetlabs/puppet/eyaml` or `/var/lib/puppet/keys` depending on your setup.
 
 The permissions for this folder should allow the puppet user (normally 'puppet') execute access to the keys directory, read only access to the keys themselves and restrict everyone else:
 
-    $ chown -R puppet:puppet /etc/puppet/secure/keys
-    $ chmod -R 0500 /etc/puppet/secure/keys
-    $ chmod 0400 /etc/puppet/secure/keys/*.pem
-    $ ls -lha /etc/puppet/secure/keys
+    $ chown -R puppet:puppet /etc/puppetlabs/puppet/eyaml
+    $ chmod -R 0500 /etc/puppetlabs/puppet/eyaml
+    $ chmod 0400 /etc/puppetlabs/puppet/eyaml/*.pem
+    $ ls -lha /etc/puppetlabs/puppet/eyaml
     -r-------- 1 puppet puppet 1.7K Sep 24 16:24 private_key.pkcs7.pem
     -r-------- 1 puppet puppet 1.1K Sep 24 16:24 public_key.pkcs7.pem
 
+You may also load the keypair into an environment variable and use the `pkcs7_private_key_env_var` and `pkcs7_public_key_env_var` options to specify the environment variable names to avoid writing the secret key to disk.
+
+
+Basic usage
+-----------
 
 ### Encryption
 
@@ -109,17 +121,18 @@ To test decryption you can also use the eyaml tool if you have both keys
     $ eyaml decrypt -f filename               # Decrypt a file
     $ eyaml decrypt -s 'ENC[PKCS7,.....]'     # Decrypt a string
 
-### Editing eyaml files
+### Editing files with a mixture of eyaml-encrypted and plain-text content
 
-Once you have created a few eyaml files, with a mixture of encrypted and non-encrypted properties, 
-you can edit the encrypted values in place, using the special edit mode of the eyaml utility. Edit
-mode opens a decrypted copy of the eyaml file in your `$EDITOR` and will encrypt and modified values
-when you exit the editor.
+This is, perhaps, the most common use of eyaml where you have created a few
+eyaml files, with a mixture of encrypted and non-encrypted properties, you can
+edit the encrypted values in place, using the special edit mode of the eyaml
+utility. Edit mode opens a decrypted copy of the eyaml file in your `$EDITOR`
+and will encrypt and modified values when you exit the editor.
 
     $ eyaml edit filename.eyaml         # Edit an eyaml file in place
 
-When editing eyaml files, you will see that the unencrypted plaintext is marked to allow the eyaml tool to 
-identify each encrypted block, along with the encryption method. This is used to make sure that the block 
+When editing eyaml files, you will see that the unencrypted plaintext is marked to allow the eyaml tool to
+identify each encrypted block, along with the encryption method. This is used to make sure that the block
 is encrypted again only if the clear text value has changed, and is encrypted using the
 original encryption mechanism (see plugable encryption later).
 
@@ -150,17 +163,167 @@ things:
         - nested thing 2.1
 ```
 
-Whilst editing you can delete existing values and add new one using the same format (as below). Note that it is important to 
+Whilst editing you can delete existing values and add new one using the same format (as below). Note that it is important to
 omit the number in brackets for new values. If any duplicate IDs are found then the re-encryption process will be abandoned
 by the eyaml tool.
 
     some_new_key: DEC::PKCS7[a new value to encrypt]!
 
+### Encrypting an entire file
+
+While not as common, sometimes you need to encrypt an entire file.  Maybe this
+file is binary data that isn't meant for loading into an editor.  One example
+might be a Kerberos keytab file.  No problem!  Just encrypt the entire file:
+
+    $ eyaml encrypt -f filename
+
+As with encrypting short strings on the command-line, the encrypted equivalent
+will be sent to stdout as an ASCII text string and thus now plays nice with
+your editor.  Notice that the file itself, however, remains unchanged.  The
+output is presented in two blocks: once as a single, long string and once in
+a nice line-wrapped form.  Copy the one of your preference, starting with the
+`ENC[` and ending at the matching `]`.  Paste this into your Puppet or Hiera
+file just like any other eyaml string and your done.  If the file is rather
+large, you may wish to use a helper like `xclip` to copy the stdout directly to
+your clipboard.
+
+### Encrypting multiline values
+
+The following step-by-step example shows you how to encrypt multiline values.
+
+- Copy the YAML text below to a file named `multiline_example.eyaml`
+```
+---
+accounts::key_sets:
+  dummy:
+    private: |
+      ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
+      Comment: "dummy-key-hiera-eyaml-issue-rsa-key-20200911"
+      P2/56wAAANwAAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS
+      1wa2NzMXYyLW9hZXB9fQAAAARub25lAAAAjQAAAIkAAAAGJQAAAP93ZtrMIRZutZ/SZUyw
+      JWwyI4YxNvr5tBt9UnSJ7K0+rQAAAQDohO1ykUahsogS+ymM6o9WEmdROJZpWShCqdv8Dj
+      2roQAAAIDG1G8hY90Xlz/YiFhDZLLWAAAAgOzMWTfAlHbJ4AdEhG5uU/EAAACA+1/AlcSr
+      QEPM5xLW0unCsQ==
+      ---- END SSH2 ENCRYPTED PRIVATE KEY ----
+```
+
+- Use `edit` to ...
+  - replace '|' with '>',
+  - prepend `DEC::PKCS7[` before the first line,
+  - remove all whitespaces used for indentation,
+  - and append `]!` to the last line of the multiline value.
+
+`eyaml edit multiline_example.eyaml`
+```
+---
+accounts::key_sets:
+  dummy:
+    private: >
+      DEC::PKCS7[---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
+Comment: "dummy-key-hiera-eyaml-issue-rsa-key-20170123"
+P2/56wAAANwAAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS
+1wa2NzMXYyLW9hZXB9fQAAAARub25lAAAAjQAAAIkAAAAGJQAAAP93ZtrMIRZutZ/SZUyw
+JWwyI4YxNvr5tBt9UnSJ7K0+rQAAAQDohO1ykUahsogS+ymM6o9WEmdROJZpWShCqdv8Dj
+2roQAAAIDG1G8hY90Xlz/YiFhDZLLWAAAAgOzMWTfAlHbJ4AdEhG5uU/EAAACA+1/AlcSr
+QEPM5xLW0unCsQ==
+---- END SSH2 ENCRYPTED PRIVATE KEY ----]!
+```
+```
+# resulting encrypted file
+---
+accounts::key_sets:
+  dummy:
+    private: >
+      ENC[PKCS7,MIIDTQYJKoZIhvcNAQcDoIIDPjCCAzoCAQAxggEhMIIBHQIBADAFMAACAQEw
+      DQYJKoZIhvcNAQEBBQAEggEAXH7xB1xuzoMAqA/3jSXO0ZUR6+UCb3DsTTj3
+      Lsrcx5oQBnJ/ml7GfBCPxBKfArZunLcnxmSk4hECKXdfgKsVjAa++JQWvtEm
+      HUNTFqvwd76Ku+nMfI9c8g+X+l6obLjzWfJdg3t6Ja7CJKl8UNFtSmbfYKVi
+      nZ0xBubgdY4plLAFcZyD5/A/lNFqwb051TRLbZOIRRfLUlRL7RNkKRC59Aog
+      S5aJXjmqx6vRzFifNK0JFZvYHGD75TiHJ5LFjg4rjgFd43AnK8iNo773ZWP2
+      48Gly5Zx7qVQDCDDi1YBgNFb0NIBQw+kWy7HcPH2REvPnXu/HV2FWvDP3Ond
+      yr2EbTCCAg4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEH+CjZJ1gKfaQIrr
+      N5zef7OAggHgBmRVsfaoiNEOzhmHZ5SxxZztmpBNtLv7mteaSqSL5o0TtKQh
+      SDgxBhaQmlL51+JM1Jsnvqm57ikZhj7Vtek/vr5DhYhWs0AxttH5rNaw0zKU
+      4bMppVu+SNKCtT+2Qw31x/S7gF7yVl+mwmXhq3qAj9ExWRX3d/8/zTuC61Io
+      f+7O6YUOucZ/m/YPrQnC5v7bDSKlIf1aFaKqukjM3QO8FZlAOHGPvRuWV2Om
+      QIgxQE6F8r+bTkW3KiVIx5FEIthRZ90VS3tz/2wjj77svddBhlid9ov/0ard
+      GGVNGsl1BFpLqxC0mpZXz237cL/aM58naqmX52J6YmC0xQM3DNmahWlYx1HV
+      J/Ogk12pOYPLJB/09OuoHPzKC4WfpB9B7wAC6pghRkO/84cOw6rgSdbzze5W
+      WMPvo181Y74BSBKhJDdO3lWYmEcDyx4TEsMUlpxd9PBDcOHqf9qHviXrwGzO
+      oSm2bUV0Fum5ueU+D2vu3mO0yIQ6fwyvDZLBRjfJV7K/PyDz81feWT6+g38t
+      AC27c0h8wk9b7HYfqG28nZE7F13qrhwCKnOaYLglsmbszNpRrBhfo1IHF6oM
+      YZRZrnrGQg5qQcxMsLq37RAfRgkY0rRLs78EEAhkf4NDxw0A/ovt]
+```
+- Output of `eyaml decrypt -f multiline_example.eyaml`:
+```
+---
+accounts::key_sets:
+  dummy:
+    private: |
+  ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
+  Comment: "dummy-key-hiera-eyaml-issue-rsa-key-20200911"
+  P2/56wAAANwAAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS
+  1wa2NzMXYyLW9hZXB9fQAAAARub25lAAAAjQAAAIkAAAAGJQAAAP93ZtrMIRZutZ/SZUyw
+  JWwyI4YxNvr5tBt9UnSJ7K0+rQAAAQDohO1ykUahsogS+ymM6o9WEmdROJZpWShCqdv8Dj
+  2roQAAAIDG1G8hY90Xlz/YiFhDZLLWAAAAgOzMWTfAlHbJ4AdEhG5uU/EAAACA+1/AlcSr
+  QEPM5xLW0unCsQ==
+  ---- END SSH2 ENCRYPTED PRIVATE KEY ----
+```
+  - The output *does NOT* have to be valid YAML for usage with Puppet.
 
 Hiera
 -----
 
-To use eyaml with hiera and puppet, first configure hiera.yaml to use the eyaml backend
+To use eyaml with hiera and puppet, first configure hiera.yaml to use the eyaml backend.
+
+Eyaml works with [Hiera 3.x](https://docs.puppet.com/hiera/latest), as well as with [Hiera 5](https://docs.puppet.com/puppet/latest/hiera_intro.html) (Puppet 4.9.3 and later).
+
+### With Hiera 5
+
+In Hiera 5, each hierarchy level has one designated backend, as well as its own independent configuration for that backend.
+
+Hierarchy levels that use eyaml must set the following keys:
+
+* `name`.
+* `lookup_key` (must be set to `eyaml_lookup_key`).
+* `path`/`paths`/`glob`/`globs` (choose one).
+* `datadir` (can be omitted if you've set a default).
+* `options` — a hash of eyaml-specific settings; by default, this should include `pkcs7_private_key` and `pkcs7_public_key`, or `pkcs7_public_key_env_var` and `pkcs7_private_key_env_var`, but alternate encryption plugins use alternate options. Anything from the old `:eyaml` config section (except `datadir`) goes here.
+
+    You do not need to specify key names as `:symbols`; normal strings are fine.
+
+``` yaml
+---
+version: 5
+defaults:
+  datadir: data
+hierarchy:
+  - name: "Secret data: per-node, per-datacenter, common"
+    lookup_key: eyaml_lookup_key # eyaml backend
+    paths:
+      - "secrets/nodes/%{trusted.certname}.eyaml"  # Include explicit file extension
+      - "secrets/location/%{facts.whereami}.eyaml"
+      - "common.eyaml"
+    options:
+      pkcs7_private_key: /etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem
+      pkcs7_public_key:  /etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem
+  - name: "Normal data"
+    data_hash: yaml_data # Standard yaml backend
+    paths:
+      - "nodes/%{trusted.certname}.yaml"
+      - "location/%{facts.whereami}/%{facts.group}.yaml"
+      - "groups/%{facts.group}.yaml"
+      - "os/%{facts.os.family}.yaml"
+      - "common.yaml"
+```
+
+Unlike with Hiera 3, there's no default file extension for eyaml files, so you can specify your own file extension directly in the path name.
+
+For more details, see the [hiera.yaml (version 5) reference page](https://docs.puppet.com/puppet/latest/hiera_config_yaml_5.html).
+
+### With Hiera 3
+
+In Hiera 3, hierarchy levels don't have a backend assigned to them, and Hiera loops through the entire hierarchy for each backend. Options for the backend are set globally, in an `:eyaml` config section.
 
 ```yaml
 ---
@@ -180,6 +343,9 @@ To use eyaml with hiera and puppet, first configure hiera.yaml to use the eyaml
     # If using the pkcs7 encryptor (default)
     :pkcs7_private_key: /path/to/private_key.pkcs7.pem
     :pkcs7_public_key:  /path/to/public_key.pkcs7.pem
+
+    # Optionally cache decrypted data (default: false)
+    :cache_decrypted: false
 ```
 
 Then, edit your hiera yaml files, and insert your encrypted values. The default eyaml file extension is .eyaml, however this can be configured in the :eyaml block to set :extension,
@@ -189,6 +355,8 @@ Then, edit your hiera yaml files, and insert your encrypted values. The default
     :extension: 'yaml'
 ```
 
+### Data formatting note
+
 *Important Note:*
 The eyaml backend will not parse internally json formatted yaml files, whereas the regular yaml backend will.
 You'll need to ensure any existing yaml files using json format are converted to syntactically correct yaml format.
@@ -238,20 +406,20 @@ Configuration file for eyaml
 
 Default parameters for the eyaml command line tool can be provided by creating a configuration YAML file.
 
-Config files will be read first from `/etc/eyaml/config.yaml`, then from `~/.eyaml/config.yaml` and finally by anything referenced in the `EYAML_CONFIG` environment variable
+Config files will be read first from `~/.eyaml/config.yaml`, then from `/etc/eyaml/config.yaml` and finally by anything referenced in the `EYAML_CONFIG` environment variable
 
 The file takes any long form argument that you can provide on the command line. For example, to override the pkcs7 keys:
 ```yaml
 ---
-pkcs7_private_key: '~/keys/eyaml/private_key.pkcs7.pem'
-pkcs7_public_key: '~/keys/eyaml/public_key.pkcs7.pem'
+pkcs7_private_key: './keys/eyaml/private_key.pkcs7.pem'
+pkcs7_public_key: './keys/eyaml/public_key.pkcs7.pem'
 ```
 
 Or to override to use GPG by default:
 ```yaml
 ---
 encrypt_method: 'gpg'
-gpg_gnupghome: '~/alternative_gnupghome'
+gpg_gnupghome: './alternative_gnupghome'
 gpg_recipients: 'sihil@example.com,gtmtech@example.com,tpoulton@example.com'
 ```
 
@@ -275,14 +443,20 @@ When editing eyaml files, you will see that the unencrypted plaintext is marked
 This is a list of available plugins:
 
  - [hiera-eyaml-gpg](https://github.com/sihil/hiera-eyaml-gpg) - Provide GPG encryption
- - [hiera-eyaml-plaintext](https://github.com/gtmtechltd/hiera-eyaml-plaintext) - This is a no-op encryption plugin that 
-   simply base64 encodes the values. It exists as an example plugin to create your own and to do integration tests on 
+ - [hiera-eyaml-plaintext](https://github.com/gtmtechltd/hiera-eyaml-plaintext) - This is a no-op encryption plugin that
+   simply base64 encodes the values. It exists as an example plugin to create your own and to do integration tests on
    hiera-eyaml. **THIS SHOULD NOT BE USED IN PRODUCTION**
  - [hiera-eyaml-twofac](https://github.com/gtmtechltd/hiera-eyaml-twofac) - PKCS7 keypair + AES256 symmetric password for two-factor encryption
    Note that this plugin mandates the user enter a password. It is useful for non-automated scenarios, and is not advised to be used
    in conjunction with puppet, as it requires entry of a password over a terminal.
  - [hiera-eyaml-kms](https://github.com/adenot/hiera-eyaml-kms) - Encryption using AWS Key Management Service (KMS)
+ - [hiera-eyaml-gkms](https://github.com/craigwatson/hiera-eyaml-gkms) - Encryption using Google Cloud KMS
+ - [hiera-eyaml-vault](https://github.com/crayfishx/hiera-eyaml-vault) - Use the transit secrets engine from Vault for providing encryption.
+
 
+### How-To's:
+
+ - [How to use different Hiera/Eyaml keys for different environments using the AWS Parameter Store to store the encryption keys for Hiera/Eyaml](https://gist.github.com/FransUrbo/88b26033cb513a8aa569bd5392a427b1).
 
 Notes
 -----
@@ -322,6 +496,8 @@ Some of us hang out on #hiera-eyaml on freenode, please drop by if you want to s
 Tests
 -----
 
+**NOTE** Some testing requirements are not supported on Windows
+
 In order to run the tests, simply run `cucumber` in the top level directory of the project.
 
 You'll need to have a few requirements installed: