author | Micah Anderson <micah@riseup.net> | 2022-03-01 14:47:06 -0500 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2022-03-01 14:47:06 -0500 |
commit | 12f093f3d6c5253de31a07b5e196d0990fa10d30 (patch) | |
tree | 8d781e0255ec4ab16a86b260aae0d85640ec4d4e | |
parent | 87e1d7b1022f9aaca1131b9f44d11d4a1ba77f62 (diff) |
Update README to fix encryption of ansible vault password.
The instructions did not work, and rather than giving people multiple ways to do
things, just show how to do it the best way.
-rw-r--r-- | README.md | 18 |
1 files changed, 1 insertions, 17 deletions
@@ -46,16 +46,7 @@ cd lilypad ... by creating a password file: ```shell -tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 26 > .ansible_vault_pw -``` - -_Optionally_: gpg encrypt this file, so only trusted admins can read it. If you do *not* encrypt this file, then this repository should not be shared anywhere public: - -```shell -(echo '#!/usr/bin/gpg -d'; gpg -a -e .ansible_vault_pw) \ - > .ansible_vault_pw.gpg -chmod +x .ansible_vault_pw.gpg -rm .ansible_vault_pw +tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 26 | gpg -ea -o .ansible_vault_pw.gpg ``` The resulting `.ansible_vault_pw.gpg` will be automatically decrypted by Ansible at runtime (use of an agent, such as `gpg-agent` is advised). @@ -63,13 +54,6 @@ The resulting `.ansible_vault_pw.gpg` will be automatically decrypted by Ansible Configure your local environment to know where the ansible vault password is located: ```shell -export ANSIBLE_VAULT_PASSWORD_FILE=.ansible_vault_pw -``` - -_NOTE:_ if you performed the optional encryption step above, you will -need to add .gpg to the end of the file name below: - -```shell export ANSIBLE_VAULT_PASSWORD_FILE=.ansible_vault_pw.gpg ``` |
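Review bot: In the first hunk (README.md from line 46), the replacement `tr ... | head -c 26 | gpg -ea -o .ansible_vault_pw.gpg` drops both the `#!/usr/bin/gpg -d` first line and the `chmod +x` that the removed block applied, yet the unchanged sentence after it still says the file "will be automatically decrypted by Ansible at runtime". Ansible runs a vault password file as a script only when it is executable; otherwise it reads the file contents as the password, which here would be the ASCII-armored ciphertext. Either keep the shebang and the executable bit, or state in the README what performs the decryption. The command also passes no `-r`, so unless a default recipient is configured gpg will prompt for one; naming the admin keys with `-r` would make the step reproducible and keep the "only trusted admins can read it" intent of the removed text.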
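Review bot: In the second hunk, `export ANSIBLE_VAULT_PASSWORD_FILE=.ansible_vault_pw.gpg` is a relative path, so the setting depends on the working directory Ansible is started from (the `cd lilypad` step in the earlier context). Suggest saying so next to the export, or using an absolute path such as `"$PWD/.ansible_vault_pw.gpg"`. Since the plaintext `.ansible_vault_pw` variant is no longer documented, a line telling existing users to delete an old unencrypted `.ansible_vault_pw` would also belong here.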