In this chapter we've outlined some of the problems with maintaining configuration data in Puppet manifests, and introduced Hiera as a powerful solution. We've seen how to configure Puppet to use the Hiera data store, and how to query Hiera keys in Puppet manifests using lookup().

We've looked at how to write Hiera data sources, including string, array, and hash data structures, and how to interpolate values into Hiera strings using lookup(), including Puppet facts and other Hiera data, and how to duplicate Hiera data structures using alias(). We've learned how Hiera's hierarchy works, and how to configure it using the hiera.yaml file.

We've seen how our example Puppet infrastructure is configured to use Hiera data, and demonstrated the process by looking up a data value in a Puppet manifest. In case of problems, we also looked at some common Hiera errors, and we've discussed rules of thumb about when to put data into Hiera.

We've explored using Hiera data to create resources, using an each loop over an array or hash. Finally, we've covered using encrypted data with Hiera, using the hiera-eyaml-gpg backend, and we've seen how to create a GnuPG key and use it to encrypt a secret value, and retrieve it again via Puppet. We've explored the process Hiera uses to find and decrypt secret data, developed a simple script to make it easy to edit encrypted data files, and outlined a basic way to distribute the decryption key to multiple nodes.

In the next chapter, we'll look at how to find and use public modules from Puppet Forge; how to use public modules to manage software including Apache, MySQL, and archive files; how to use the r10k tool to deploy and manage third-party modules; and how to write and structure your own modules.