From 4a19b147d130cd8a1574a01765e31aefb5e2155e Mon Sep 17 00:00:00 2001 From: Nicole Rappe Date: Thu, 3 Oct 2024 19:13:50 -0600 Subject: [PATCH] Update Servers & Workflows/Linux/Automation/Puppet/Puppet Deployment.md --- .../Automation/Puppet/Puppet Deployment.md | 33 +++++++++++++++++-- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/Servers & Workflows/Linux/Automation/Puppet/Puppet Deployment.md b/Servers & Workflows/Linux/Automation/Puppet/Puppet Deployment.md index 91e0f3c..43df087 100644 --- a/Servers & Workflows/Linux/Automation/Puppet/Puppet Deployment.md +++ b/Servers & Workflows/Linux/Automation/Puppet/Puppet Deployment.md @@ -99,7 +99,7 @@ sudo gem install r10k r10k version ``` -## Configure r10k +### Configure r10k ``` sh # Create the r10k Configuration Directory sudo mkdir -p /etc/puppetlabs/r10k 
@@ -121,20 +121,47 @@ sources: ``` ``` sh +# Lockdown the Permissions of the Configuration File +chmod 600 /etc/puppetlabs/r10k/r10k.yaml + # Create r10k Cache Directory sudo mkdir -p /var/cache/r10k sudo chown -R puppet:puppet /var/cache/r10k ``` -## Configure Gitea +### Configure Gitea At this point, we need to set up the branches and file/folder structure of the Puppet repository on Gitea. !!! warning "Incomplete" This section needs a copy of all of the folder structure explained, as well as the branch structure, and example files for things like `site.pp`, `environment.conf`, and `init.pp`. That will be added at a later time soon. -## Storing Credentials to Gitea +### Storing Credentials to Gitea We need to be able to pull down the data from Gitea's Puppet repository under the root user so that r10k can automatically pull down any changes made to the Puppet environments (e.g. `Production` and `Development`). Each Git branch represents a different Puppet environment. We will use an application token to do this. Navigate to "**Gitea > User (Top-Right) > Settings > Applications - Token Name: `Puppet r10k` - Permissions: `Repository > Read Only` - Click the "**Generate Token**" button to finish. + +!!! warning "Securely Store the Application Token" + It is critical that you store the token somewhere safe like a password manager as you will need to reference it later and might need it in the future if you re-build the r10k environment. + +Now we want to configure Gitea to store the credentials for later use by r10k: +``` sh +# Enable Stored Credentials (We will address security concerns further down...) 
+git config --global credential.helper store + +# Clone the Git Repository Once to Store the Credentials (Use the Application Token as the password) +# Username: nicole.rappe +# Password: +git clone https://git.bunny-lab.io/GitOps/Puppet.git /tmp/PuppetTest + +# Verify the Credentials are Stored +cat /root/.git-credentials + +# Lockdown Permissions +chmod 600 /root/.git-credentials + +# Cleanup After Ourselves +rm -rf /tmp/PuppetTest + +
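Review bot: In the added "Storing Credentials to Gitea" block, `git config --global credential.helper store` turns on plaintext credential storage for every remote that root's Git talks to, not only this Gitea instance. The comment defers the security concerns to text that is not part of this hunk. Consider scoping the helper to the one host, for example `git config --global credential.https://git.bunny-lab.io.helper store`, so that only the read-only application token can end up in `/root/.git-credentials`. In the same block, `cat /root/.git-credentials` prints the token to the terminal and to any session log. A check such as `test -s /root/.git-credentials` confirms the file was written without displaying the secret. Earlier in the hunk, the added `chmod 600 /etc/puppetlabs/r10k/r10k.yaml` has no `sudo` although the `mkdir` and `chown` lines around it do, so it will fail for a non-root user following the guide. The credential commands have the same ambiguity: they act on `/root` paths but do not say they must be run in a root shell, and `git config --global` run as another user would write that user's config instead of root's.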