Puppet can't find key on server #266

Closed
ghost opened this issue Aug 8, 2018 · 2 comments

Comments

@ghost

ghost commented Aug 8, 2018

I'm getting the following error when I do a puppet agent run:

    Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, No such file or directory - /etc/<snip>/private_key.pkcs7.pem (file: /etc/puppetlabs/code/environments/<snip>/modules/<snip>/init.pp) on node

I've confirmed the PEM file exists on the puppet master.

The module in question looks at hiera to retrieve encrypted eyaml file contents (begins with "ENC[PKCS7,") and put it into a file's contents.

I'm using hiera 5. Everything is in a .yaml file in hiera.
My paths in my hierarchy are all grouped under a single "name" with this at the end under the last of the paths (encrypted eyaml can appear anywhere in the hierarchy):

    lookup_key: eyaml_lookup_key # eyaml backend
    options:
      pkcs7_private_key: "/etc/<snip>/private_key.pkcs7.pem"
      pkcs7_public_key: "/etc/<snip>/public_key.pkcs7.pem"

I'm no expert in how this is all supposed to go but I'm at a loss on how to fix this.

@ghost
Author

ghost commented Aug 8, 2018

Never mind, puppet server does not run as root. It runs as "puppet", so I chowned and now it works. Sorry.

@ghost ghost closed this as completed Aug 8, 2018
@bastelfreak
Member

Hey @dogdude87. Are you interested in providing a patch for our README.md? I think it is pretty common that people create private keys that are owned by root. Something like 'if you run into this error, check your perms..' might be helpful in our README. Thanks in advance!

This issue was closed.
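
The cause found in this thread (a private key owned by root while the Puppet server runs as "puppet") can be checked before an agent run. The script below is an added example, not part of the original issue or of the hiera-eyaml project; the function name, the exit codes and the rule that group and others get no access to the key are assumptions of this example, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: check that an eyaml PKCS7 private key is owned by the
# account the Puppet server runs as and is not accessible to anyone else.
# Assumes GNU coreutils stat (Linux). check_eyaml_key and its exit codes
# are hypothetical names chosen for this example.
#
# Exit codes: 0 ok, 1 missing or unreachable, 2 wrong owner,
#             3 owner cannot read, 4 group/other have access
check_eyaml_key() {
    key_path=$1
    service_user=$2

    # -f is also false when a parent directory is not searchable by the
    # account running this check, so run it as the service account if possible.
    if [ ! -f "$key_path" ]; then
        echo "FAIL: $key_path not found or not reachable" >&2
        return 1
    fi

    owner=$(stat -c '%U' "$key_path")
    mode=$(stat -c '%a' "$key_path")          # octal digits, e.g. 600

    if [ "$owner" != "$service_user" ]; then
        echo "FAIL: $key_path is owned by $owner, expected $service_user" >&2
        return 2
    fi

    # Keep only the owner/group/other digits, zero-padded to three places.
    perm=$(printf '%03d' "$((mode % 1000))")
    case $perm in
        [4-7]00) return 0 ;;                  # owner can read, nobody else
        [0-3]??) echo "FAIL: mode $perm, owner cannot read the key" >&2
                 return 3 ;;
        *)       echo "FAIL: mode $perm, group or others can access the key" >&2
                 return 4 ;;
    esac
}

# Usage: sh check_key.sh <path-to>/private_key.pkcs7.pem puppet
if [ $# -eq 2 ]; then
    check_eyaml_key "$1" "$2"
fi
```

Running the check as the service account itself also exercises directory traversal, which an ownership check run as root does not.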