Puppet Integration

Secure privileged access to your Puppet infrastructure with unified identity, automated credential injection, and comprehensive audit trails for configuration management.

View Documentation Request Demo

Features

Comprehensive Puppet Coverage

Secure access to all your Puppet infrastructure with unified authentication and authorization.

Puppet Enterprise Integration

Seamlessly integrate with Puppet Enterprise for centralized configuration management with secure access controls.

Puppet Server Access

SSH access to Puppet Server with automatic discovery, certificate-based authentication, and session recording.

PuppetDB Protection

Secure database access to PuppetDB with protocol-aware proxying and query auditing.

SSH Credential Injection

Automatically inject TigerAccess credentials into Puppet manifests and modules for secure node access.

Capabilities

Enterprise-Grade Puppet Integration

Puppet Enterprise integration

Puppet Server SSH access

PuppetDB query proxying

Hiera data access

Node classification sync

Certificate management

Environment-based access

Module Forge integration

Bolt task execution

Report processing

Catalog compilation access

Code Manager integration

r10k workflow support

PE Console access

Orchestrator integration

Automated node discovery

Setup

Get Started in Minutes

Follow these steps to integrate TigerAccess with your Puppet infrastructure.

Configure Puppet Server Access

Add your Puppet Server to TigerAccess and configure SSH access with certificate-based authentication.

tacctl nodes add \
  --kind=puppet-server \
  --name=puppet.example.com \
  --hostname=puppet.example.com \
  --labels=env=production,role=puppet

Add PuppetDB Integration

Configure PuppetDB connection for query proxying and node discovery.

tacctl integrations add puppetdb \
  --host=puppetdb.example.com \
  --port=8081 \
  --ssl-cert=/etc/puppetlabs/puppet/ssl/certs/puppetdb.pem \
  --ssl-key=/etc/puppetlabs/puppet/ssl/private_keys/puppetdb.pem

Configure Module Integration

Install the TigerAccess Puppet module to enable credential injection and automated node access.

# Install from Puppet Forge
puppet module install tigeraccess-tigeraccess

# Configure in your manifest
class { 'tigeraccess':
  auth_server => 'auth.tigeraccess.example.com',
  proxy_server => 'proxy.tigeraccess.example.com',
  enable_ssh_injection => true,
}

Enable SSH Credential Injection

Configure Puppet manifests to use TigerAccess credentials for node access.

# In your Puppet manifest
node 'webserver.example.com' {
  # TigerAccess will automatically inject credentials
  tigeraccess::ssh_access { 'admin':
    user => 'admin',
    roles => ['developers', 'sre'],
    ttl => '1h',
  }

  # Your existing Puppet code
  include apache
  include mysql
}

Verify Integration

Test the integration by accessing Puppet Server and running a catalog compilation.

# Access Puppet Server via TigerAccess
tac ssh [email protected]

# Query PuppetDB through TigerAccess proxy
tac db connect puppetdb --query "nodes[certname] {}"

# Run Bolt task with TigerAccess credentials
tac puppet bolt task run package --targets=webservers action=status name=apache2

Use Cases

Real-World Puppet Scenarios

Secure Puppet Server Management

Grant administrators just-in-time access to Puppet Server with automatic approval workflows, session recording, and comprehensive audit trails for all configuration changes.

PuppetDB Query Auditing

Proxy and audit all PuppetDB queries to track who accessed node data, when, and what information was retrieved for compliance and security monitoring.

Environment-Based Access Control

Implement role-based access to Puppet environments (production, staging, development) with automated credential rotation and session time limits.

Automated Credential Injection

Automatically inject short-lived TigerAccess SSH credentials into Puppet manifests for secure node management without hardcoded credentials.

FAQ

Frequently Asked Questions

Does TigerAccess require modifications to existing Puppet manifests?

No. TigerAccess can work with existing Puppet infrastructure without modifications. However, installing the TigerAccess Puppet module enables advanced features like automatic credential injection and enhanced access controls.

How does TigerAccess handle Puppet certificate management?

TigerAccess integrates with Puppet's certificate infrastructure. It can use existing Puppet certificates for authentication to Puppet Server and PuppetDB, or generate its own short-lived certificates for enhanced security.

Can I control access to different Puppet environments?

Yes. TigerAccess supports environment-based access control. You can grant users access to specific Puppet environments (production, staging, development) based on their roles, with separate approval workflows for sensitive environments.

How are PuppetDB queries audited?

All PuppetDB queries are proxied through TigerAccess and fully audited. The audit log includes the user identity, query content, timestamp, results returned, and session context. This ensures complete visibility into who accessed node data and when.

Does TigerAccess work with Puppet Bolt?

Yes. TigerAccess integrates with Puppet Bolt for task execution and orchestration. You can run Bolt tasks and plans with TigerAccess credentials, with full session recording and audit trails for all orchestration activities.

Can I use TigerAccess with open-source Puppet Server?

Yes. TigerAccess works with both Puppet Enterprise and open-source Puppet Server. All features including SSH access, PuppetDB integration, and credential injection are supported on both platforms.

Ready to Secure Your Infrastructure?

Join thousands of security-conscious teams using TigerAccess to protect their critical infrastructure and AI agents.

Start Free Trial Contact Sales

No credit card required • 14-day free trial • Enterprise support available