App-GroupSecret

 view release on metacpan or  search on metacpan

README  view on Meta::CPAN


    If and when you need to change the Vault password (such as when a team
    member leaves), you can follow this procedure which is probably mostly
    self-explanatory:

        groupsecret -f vault-password.yml delete-key keys/revoked/jdoe_rsa.pub
        groupsecret -f vault-password.yml print-secret >old-vault-password.txt
        groupsecret -f vault-password.yml set-secret rand:48
        echo "New Vault password: $(groupsecret -f vault-password.yml)"
        ansible-vault --vault-id=old-vault-password.txt rekey foo.yml bar.yml baz.yml
        # You will be prompted for the new Vault password which you can copy from the output above.
        rm -f old-vault-password.txt

    This removes access to the keyfile secret and to the Ansible Vault.
    Don't forget that you may also want to change the variables being
    protected by the Vault. After all, those secrets are the actual things
    we're protecting by doing all of this, and an exiting team member may
    have decided to take a copy of those variables for himself before
    leaving.

BUGS

bin/groupsecret  view on Meta::CPAN

That's it! Pretty easy.

If and when you need to change the Vault password (such as when a team member leaves), you can
follow this procedure which is probably mostly self-explanatory:

    groupsecret -f vault-password.yml delete-key keys/revoked/jdoe_rsa.pub
    groupsecret -f vault-password.yml print-secret >old-vault-password.txt
    groupsecret -f vault-password.yml set-secret rand:48
    echo "New Vault password: $(groupsecret -f vault-password.yml)"
    ansible-vault --vault-id=old-vault-password.txt rekey foo.yml bar.yml baz.yml
    # You will be prompted for the new Vault password which you can copy from the output above.
    rm -f old-vault-password.txt

This removes access to the keyfile secret and to the Ansible Vault. Don't forget that you may also
want to change the variables being protected by the Vault. After all, those secrets are the actual
things we're protecting by doing all of this, and an exiting team member may have decided to take
a copy of those variables for himself before leaving.

=head1 BUGS

Please report any bugs or feature requests on the bugtracker website



( run in 0.747 second using v1.01-cache-2.11-cpan-6aa56a78535 )