george/blackbox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Document working with Ansible (#306)

Browse Source 
Bug: https://github.com/StackExchange/blackbox/issues/295
See: https://docs.ansible.com/ansible/latest/user_guide/vault.html#providing-vault-passwords
See: https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-vault-password-file
This commit is contained in:
Lucas Ramage
2020-05-03 11:41:34 -04:00
committed by GitHub
parent 2ef26f4c90
commit cf3915fbd8
1 changed files with 21 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
README.md
View File

@@ -19,9 +19,11 @@ Table of Contents
- [Compatibility](#compatibility)
- [How is the encryption done?](#how-is-the-encryption-done)
- [What does this look like to the typical user?](#what-does-this-look-like-to-the-typical-user)
- [How to use the secrets with Puppet?](#how-to-use-the-secrets-with-puppet)
- [Entire files](#entire-files)
- [Small strings](#small-strings)
- Configuration Management
- [How to use the secrets with Ansible?](#how-to-use-the-secrets-with-ansible)
- [How to use the secrets with Puppet?](#how-to-use-the-secrets-with-puppet)
- [Entire files](#entire-files)
- [Small strings](#small-strings)
- File Management
- [How to enroll a new file into the system?](#how-to-enroll-a-new-file-into-the-system)
- [How to remove a file from the system?](#how-to-remove-a-file-from-the-system)
@@ -233,6 +235,22 @@ What does this look like to the typical user?
Wait... it can be even easier than that! Run `blackbox_edit FILENAME`, and it'll decrypt the file in a temp file and call `$EDITOR` on it, re-encrypting again after the editor is closed.
How to use the secrets with Ansible?
===================================
Ansible Vault provides functionality for encrypting both entire files and strings stored within files; however,
keeping track of the password(s) required for decryption is not handled by this module.
Instead one must specify a password file when running the playbook.
Ansible example for password file: `my_secret_password.txt.gpg`
```
ansible-playbook --vault-password-file my_secret_password.txt site.yml
```
Alternatively, one can specify this in the `ANSIBLE_VAULT_PASSWORD_FILE` environment variable.
How to use the secrets with Puppet?
===================================