[17:15:23] <inflatador>	 I'm using `profile::tlsproxy::envoy` and cfssl for the first time, getting "invalid secret", do I need to create the secret ahead of time or something? Re: https://gerrit.wikimedia.org/r/c/operations/puppet/+/989244 
[17:19:01] <taavi>	 inflatador: `profile::tlsproxy::envoy::ssl_provider` defaults to 'sslcert', if you want to use pki/cfssl for the cert (it seems you do) you need to set `profile::tlsproxy::envoy::ssl_provider: cfssl` in hiera
[17:19:02] <btullis>	 inflatador: I don't see the `profile::pki::get_cert`function being called anywhere in that patch.
[17:19:22] <btullis>	 Ah.
[17:20:55] <inflatador>	 excellent, thanks taavi and btullis