Salt Notes


View secrets from master:

salt '*' pillar.items

Create key called mysecretkey on master:

echo -n "supersecret" | gpg --armor --batch --trust-model always --encrypt -r "mysecretkey"

View secrets from minion:

salt-call pillar.items

Get a specific secret from a minion:

salt-call pillar.get a-secret


Directory structurs

There are two essential locations for salt related files (excluding service files):


/etc/salt holds configuration files for the master and minion, as well as the keys for known minions.

/srv/salt has the state, pillar and reactor files.


Useful utilities

List all connected minions

salt-run manage.up

Show status for all connected minions

This will also show minions that are down.

salt-run manage.status


Add new salt state

Salt states are the equivalent to a cookbook in Chef or a module in Puppet. To create a new one, do the following:

  1. Login to the salt master
  2. mkdir /srv/salt/<name of state>
  3. Add your logic to /srv/salt/<name of state>/init.sls


Run state on all minions

salt '*' state.apply <name of state>

Run state on single minion

salt '<minion name>' state.apply <name of state>