Description of problem: On the controller, /etc/puppet/hieradata/service_configs.json contains all service users passwords. While the file and directory are accessible by root only, this data should be encrypted so as not to be in clear text. Valid approaches could be: * Can we remove this data entirely after deployment? What do folks use it for? * Use hiera-yaml or hiera-vault perhaps?
With the containerized overcloud, /etc/puppet/ won't be used anymore and these files won't exist in that directory, so I'm closing it as it doesn't fit with our plans.