App-GroupSecret
view release on metacpan or search on metacpan
Then set the secret in the keyfile to a long random number:
groupsecret -f vault-password.yml set-secret rand:48
This will be the Ansible Vault password. You can see it if you want
using the "print-secret" command, but you don't need to.
Then we'll take advantage of the fact that an Ansible Vault password
file can be an executable program that prints the Vault password to
STDOUT. Create a file named vault-password with the following script,
and make it executable (chmod +x vault-password):
#!/bin/sh
# Use groupsecret <https://github.com/chazmcgarvey/groupsecret> to access the Vault password
exec ${GROUPSECRET:-groupsecret} -f vault-password.yml print-secret
Commit both vault-password and vault-password.yml to your repository.
Now use ansible-vault(1) to add files to the Vault:
ansible-vault --vault-id=vault-password encrypt foo.yml bar.yml baz.yml
bin/groupsecret view on Meta::CPAN
Then set the secret in the keyfile to a long random number:
groupsecret -f vault-password.yml set-secret rand:48
This will be the Ansible Vault password. You can see it if you want using the L</print-secret>
command, but you don't need to.
Then we'll take advantage of the fact that an Ansible Vault password file can be an executable
program that prints the Vault password to C<STDOUT>. Create a file named F<vault-password> with the
following script, and make it executable (C<chmod +x vault-password>):
#!/bin/sh
# Use groupsecret <https://github.com/chazmcgarvey/groupsecret> to access the Vault password
exec ${GROUPSECRET:-groupsecret} -f vault-password.yml print-secret
Commit both F<vault-password> and F<vault-password.yml> to your repository.
Now use L<ansible-vault(1)> to add files to the Vault:
ansible-vault --vault-id=vault-password encrypt foo.yml bar.yml baz.yml
( run in 0.317 second using v1.01-cache-2.11-cpan-496ff517765 )