changes to duo.conf expose the ikey/skey values in the syslog

[ghost]

The puppet agent normally logs all changes to the syslog. This is very handy for most situations, however, it is not desirable to have puppet log the changes on secrets like passwords or pre-shared keys.

At present the duo_unix module does not prevent this from happening and the ikey and skey values are logged to syslog. The show_diff metaparameter can prevent it from being recorded in the logs.

The file resource type can accept the show_diff metaparameter:
https://docs.puppetlabs.com/references/latest/type.html#file-attributes

[petems]

This can also be done with the new Sensitive type in Puppet 4.6! 👍