-
mh authored
Newer puppet versions won't fall back to PSON anymore if there is binary data within the catalog (option main/allow_pson_serialization is set to false by default). The proper way to handle binary data seems to be to use `binary_file` to get binary data into the catalog. For an onion service both public and secret key are binary data. Additionally, if we did not make the public key a `Sensitive` type as well this still made the public key file flip on every run, since a tor restart seem to have slightly changed it. Wrapping it as `Sensitive` did not have that effect.
82fae162