The Pillars workspace allows you to create and manage pillar data that is stored natively in SaltStack Config. Pillars are structures of data defined on the Salt master and passed through to one or more minions, using targets. They allow confidential, targeted data to be securely sent only to the relevant minion. Pillars are useful for limiting user access to private data. For example, you could use pillars to allow a user to run a job that requires authentication to an external service without accessing those authentication credentials themselves. In this case, you would assign the user access to the given job and target, but not to the pillar containing sensitive authentication details.

Note: As part of VMware’s initiative to remove problematic terminology, the term Salt master will be replaced with a better term in SaltStack Config and related products and documentation. This terminology update may take a few release cycles before it is fully complete.

Pillar data is encrypted in the SaltStack Config database and is not stored in plain text. It is encrypted during transmission, and made visible only to minions specified in the pillar target settings. For more on assigning pillar to a target, see Assigning pillar.

A target is the group of minions, across one or many Salt masters, that a job’s Salt command applies to. A Salt master can also be managed like a minion and can be a target if it is running the minion service. Minions are nodes running the minion service, which can listen to commands from a Salt master and perform the requested tasks. See Minions for more information.

Pillar data can be stored in either of the following:

  • A private pillar in the Pillars workspace
  • A job’s settings
  • In other pillar roots in the API (RaaS) server

Pillar data stored within a job is less secure than data in a standard pillar, as any user with permission to access the job can also view the pillar data. Jobs are used to run remote execution tasks, apply states, and start Salt runners. See Jobs for more information.

For more on pillar in Salt, see Salt pillar walkthrough.

In the Pillars workspace you can create new pillars and assign pillars to targets. When you assign a pillar to a target, you can also choose to refresh the pillar.

Accessing the Pillars workspace

To use the Pillars workspace, click Config > Pillars on the side menu.

Creating a pillar

To create a new pillar:

  1. In the Pillars workspace, click Create.
  2. Enter pillar data in JSON format and click Save.
Note: Pillar names do not have to be unique. This might result in different items displaying with the same name in the Web Console.

Assigning pillar

To assign a pillar to a specific target:

  1. In the Pillars workspace, select a pillar.

  2. Click Update Targets.

  3. In the dialog, select targets you want to apply the pillar to.

    In addition to selecting a target, select Refresh pillar to make the pillar available to the selected target immediately.

  4. Click Save.

The pillar data is now available to all minions in the selected target.

Note: You can also assign a pillar to a target in the Minions workspace. See Minions.

Pillars and the All Minions target

The All Minions target is read-only, and cannot be assigned pillar data. To assign pillar data to all minions, create a new target that matches all minions (*). See Minions for more information.

Value precedence

If the same pillar data is defined in multiple sources, SaltStack Config selects the data to apply in the following order of precedence:

  1. Values passed directly on the job
  2. Values in the SaltStack Config user interface (in the Pillars workspace)
  3. Values in other pillar roots

You can change this behavior by adjusting the order of pillar_roots in the Salt master configuration.

Pillar data format

External pillar data must be in JSON format. YAML is not currently supported.

Pillar dependencies

Files

Pillar data is useful for passing data into states, reactors, and other types of files. Make sure when creating or updating pillar data to also update pillar references in any corresponding files. See File Server.

Targets

Pillar data attached to a target is used when associated jobs run on the target. Make sure when updating pillar data to also refresh pillar on its associated targets. See Assigning pillar.