The Salt fileserver does not yet support access control, but it is STILL possible to do this. As of Salt 2015.5.0, thefile_tree external pillar is available, and allows the contents of a file to be loaded as Pillar DATA. This external pillar is capable of assigning Pillar values both to individual MINIONS, and to nodegroups. See the documentation for DETAILS on how to set this up.

Once the external pillar has been set up, the data can be pushed to a minion via a file.managed state, using thecontents_pillar argument:

/etc/my_super_secret_file:

file.managed:

- user: secret
- group: secret
- mode: 600
- contents_pillar: secret_files:my_super_secret_file

In this EXAMPLE, the source file would be located in a directory called secret_files underneath the file_tree path for the minion. The syntax for specifying the pillar variable is the same one used for pillar.get, with a colon representing a nested dictionary.

The Salt fileserver does not yet support access control, but it is still possible to do this. As of Salt 2015.5.0, thefile_tree external pillar is available, and allows the contents of a file to be loaded as Pillar data. This external pillar is capable of assigning Pillar values both to individual minions, and to nodegroups. See the documentation for details on how to set this up.

Once the external pillar has been set up, the data can be pushed to a minion via a file.managed state, using thecontents_pillar argument:

/etc/my_super_secret_file:

file.managed:

- user: secret
- group: secret
- mode: 600
- contents_pillar: secret_files:my_super_secret_file

In this example, the source file would be located in a directory called secret_files underneath the file_tree path for the minion. The syntax for specifying the pillar variable is the same one used for pillar.get, with a colon representing a nested dictionary.