Another user had proposed 'hardening' the base system for vespene via:
Now, Michael has already responded and explained why that is definitely not a responsibility for vespene to worry about, however -- there could be a collaboration or even submission of opsmop to:
Currently, they have separate repos for puppet, chef, ansible, etc... Think it could be kind of neat to see opsmop included there:
https://github.com/dev-sec as some examples. I don't expect this to be a 'Michael should do this', but maybe as opsmop becomes a bit more utilized, the community can work on it to see it included (if there is interest).