Last active
March 1, 2020 07:19
Ansible crypt: encrypt a string into an environment variable. To read it back, stash the result in a file and use Ansible to decrypt it again. You will need to specify your own vault keys in place of the missing variables shown.
# Encrypt a string into a base64-encoded env var, write the decoded vault YAML to a file, then have ansible decrypt and print it.
# The file must be fully written before ansible reads it, so the two steps are chained with && rather than a pipe.
testvar=$(echo -n "test some input that will be encrypted" | ansible-vault encrypt_string --vault-id "$vault_key" --stdin-name testvar_name | base64 -w 0) ; echo "$testvar" | base64 -d > ../secrets/keys/tmp.yml && ansible localhost -m debug -a var="testvar_name" -e "@../secrets/keys/tmp.yml" --vault-id "$vault_key"
# In practice, generating a one-time var should not use stdin input. Instead, use this for the first stage of creating a var.
ansible-vault encrypt_string --vault-id "$vault_key" --stdin-name testvar_name | base64 -w 0
# This example encrypts to an env var, and then decrypts the value inline without the need for an intermediary file.
testvar=$(echo -n "test some input that will be encrypted and stored as an env var" | ansible-vault encrypt_string --vault-id "$vault_key" --stdin-name testvar_name | base64 -w 0)
result=$(echo "$testvar" | base64 -d | /var/lib/snapd/snap/bin/yq r - "testvar_name" | ansible-vault decrypt --vault-id "$vault_key"); echo "$result"