From 4fd117fc10472c61f1b6031ea9348a9f04a3c5dd Mon Sep 17 00:00:00 2001 From: Michael Fyffe <6224270+TraGicCode@users.noreply.github.com> Date: Fri, 10 Jul 2026 14:53:11 -0500 Subject: [PATCH] Fix readme mistake --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index e5b6fde..4b8ef12 100644 --- a/README.md +++ b/README.md @@ -130,7 +130,7 @@ The `client_secret` must be of type `Sensitive` to prevent accidental leakage in By default, `azure_key_vault::secret` runs on the **Puppet Server** during catalog compilation, which means the secret value is embedded in the compiled catalog and the Puppet Server itself needs network access and permissions to reach Key Vault. -Using Puppet's [`Deferred` type](https://www.puppet.com/docs/puppet/latest/lang_write_functions_in_puppet.html#lang_deferred_functions), you can instead defer the lookup so it happens on the **agent**, when the catalog is _applied_ rather than compiled. This has a few advantages: +Using Puppet's [`Deferred` type](https://help.puppet.com/core/current/Content/PuppetCore/deferring_functions.htm), you can instead defer the lookup so it happens on the **agent**, when the catalog is _applied_ rather than compiled. This has a few advantages: - The secret is never embedded in the compiled catalog, so it isn't stored in PuppetDB, reports, or catalog caches. - The Puppet Server does not need any permissions or network path to Key Vault — only the agent does. @@ -138,8 +138,6 @@ Using Puppet's [`Deferred` type](https://www.puppet.com/docs/puppet/latest/lang_ #### Deferred Example: Using MSI -[#deferred-example-using-msi](#deferred-example-using-msi) - ```puppet $important_secret = Deferred('azure_key_vault::secret', [ 'production-vault',