Description of problem:
On the undercloud, /etc/puppet/hieradata/puppet-stack-config.yaml
is used by puppet to populate all the configuration from the overcloud.
While the file and directory are accessible by root only, this data should be encrypted so as not to be in clear text.
Valid approaches could be:
* Use hiera-yaml or hiera-vault perhaps?
With the containerized undercloud, /etc/puppet/ won't be used anymore and these files won't exist in that directory, so I'm closing it as it doesn't fit with our plans.