class MysqL::server( $password ) {

        package { 'MysqL-server': ensure => installed }
        package { 'MysqL': ensure => installed }

        service { 'MysqLd':
                enable => true,ensure => running,require => Package['MysqL-server'],}

        exec { 'set-MysqL-password':
                unless => "MysqLadmin -uroot -p$password status",path => ['/bin','/usr/bin'],command => "MysqLadmin -uroot password $password",require => Service['MysqLd'],}
}

我该如何保护$密码？目前,我从节点定义文件中删除了默认的世界可读权限,并通过ACL显式提供了puppet读取权限.

我假设其他人遇到了类似的情况,所以也许有更好的做法.