This shows you the differences between two versions of the page.
| mozilla_sops [2026/02/03 17:16] val | mozilla_sops [2026/02/14 17:18] (current) val | | |
|---|---|---|---|
| Line 7: | Line 7: | ||
| * [[https://stackoverflow.com/questions/78211931/how-to-use-sops-exec-file-with-docker-compose|How to use sops exec-file with docker-compose?]] | * [[https://stackoverflow.com/questions/78211931/how-to-use-sops-exec-file-with-docker-compose|How to use sops exec-file with docker-compose?]] | ||
| + | |||
| + | * [[Hashicorp Vault]] | ||
| + | * Сервис Ansible [[Сервис Ansible#Роль OpenVPN сервера]] | ||
| <code> | <code> | ||
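Review bot: the two added list entries are bare wiki links, while the existing entry above them carries a descriptive title; since the Vault transit engine and the Ansible OpenVPN role are exactly what the commands further down depend on, a few words after each link (for instance that the Vault page covers the transit engine used here as the sops key service) would tell the reader why they are listed.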
| Line 15: | Line 18: | ||
| # chmod +x /usr/local/bin/sops | # chmod +x /usr/local/bin/sops | ||
| - | # cat vault_example.yml | + | # VAULT_ADDR=http://server.corpX.un:8200 |
| - | a: Hello | + | |
| - | b: World | + | |
| - | + | ||
| - | # VAULT_ADDR=http://server.corp13.un:8200 | + | |
| # export VAULT_TOKEN=hKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKU | # export VAULT_TOKEN=hKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKU | ||
| - | ~/openvpn1# sops encrypt --hc-vault-transit $VAULT_ADDR/v1/transit/keys/ansible-openvpn1 openvpn1/files/server.key #-i | + | ~/openvpn1# sops encrypt --hc-vault-transit $VAULT_ADDR/v1/transit/keys/ansible-openvpn1 openvpn1/files/server.key --in-place |
| ~/openvpn1# cat openvpn1/files/server.key | ~/openvpn1# cat openvpn1/files/server.key | ||
| - | ~/openvpn1# sops decrypt --hc-vault-transit $VAULT_ADDR/v1/transit/keys/ansible-openvpn1 openvpn1/files/server.key #-i | + | ~/openvpn1# sops decrypt openvpn1/files/server.key -i |
| - | ~/openvpn1# cat .sops.yaml | + | # cat .sops.yaml |
| </code><code> | </code><code> | ||
| creation_rules: | creation_rules: | ||
| - path_regex: inventory.yaml | - path_regex: inventory.yaml | ||
| encrypted_regex: ^ansible.*pass | encrypted_regex: ^ansible.*pass | ||
| - | hc_vault_transit_uri: "http://server.corp13.un:8200/v1/transit/keys/ansible-openvpn1" | + | hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/ansible-openvpn1" |
| - path_regex: openvpn1/files/server.key | - path_regex: openvpn1/files/server.key | ||
| - | hc_vault_transit_uri: "http://server.corp13.un:8200/v1/transit/keys/ansible-openvpn1" | + | hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/ansible-openvpn1" |
| + | # - path_regex: keycloak-db-secret.yaml | ||
| + | # hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/my-pgcluster" | ||
| + | # - path_regex: values.yaml | ||
| + | # encrypted_regex: adminPassword|password | ||
| + | # hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/my-keycloak" | ||
| </code><code> | </code><code> | ||
| - | ~/openvpn1# sops encrypt inventory.yaml -i | + | ~/openvpn1# sops encrypt inventory.yaml |
| + | |||
| + | ~/openvpn1# | ||
| + | sops -e -i inventory.yaml | ||
| + | sops -e -i openvpn1/files/server.key | ||
| ~/openvpn1# cat inventory.yaml | ~/openvpn1# cat inventory.yaml | ||
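Review bot: `sops decrypt openvpn1/files/server.key -i` writes the decrypted OpenVPN private key back into the working tree, although the `--in-place` encrypt just above it and the `sops -e -i` lines at the end of this hunk are clearly meant to keep that file encrypted at rest; if the line only verifies the round trip, dropping `-i` so the plaintext goes to stdout avoids leaving the key on disk. Two smaller points in the same hunk: `sops encrypt inventory.yaml` lost its `-i`, so it now only prints ciphertext and the file is really rewritten by the later `sops -e -i inventory.yaml` (one of the two can go), and every Vault URI here (`VAULT_ADDR` and both `hc_vault_transit_uri` values) uses `http://`, so the exported `VAULT_TOKEN` and the data keys posted to the transit engine cross the network unencrypted; `https://` or an explicit remark that this is a lab setup would be worth adding.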
| Line 46: | Line 54: | ||
| ~/openvpn1# sops exec-file inventory.yaml 'echo {}; cat {}' | ~/openvpn1# sops exec-file inventory.yaml 'echo {}; cat {}' | ||
| - | ~/openvpn1# sops encrypt openvpn1/files/server.key -i | + | ~/openvpn1# ###sops -d -i inventory.yaml |
| - | + | ||
| - | ~/openvpn1# cat openvpn1/tasks/main.yml | + | |
| - | ... | + | |
| - | - name: Copy file server.key | + | |
| - | copy: | + | |
| - | #src: server.key | + | |
| - | content: "{{ lookup('community.sops.sops', 'server.key') }}" | + | |
| - | ... | + | |
| - | + | ||
| - | ~/openvpn1# sops exec-file --no-fifo inventory.yaml 'ansible-playbook openvpn1.yaml -i {}' | + | |
| </code> | </code> | ||
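Review bot: removing the `tasks/main.yml` excerpt with `lookup('community.sops.sops', 'server.key')` and the `sops exec-file --no-fifo inventory.yaml 'ansible-playbook openvpn1.yaml -i {}'` line takes away the only example on this page of consuming the encrypted inventory and key at run time without ever writing plaintext to disk; if that material moved to the Ansible page linked in the first hunk, a one-line pointer here would keep it findable, and if it did not, the `exec-file` invocation should stay. Style point on the same hunk: `~/openvpn1# ###sops -d -i inventory.yaml` mixes the root prompt `#` with `###` used as a comment marker; the earlier hunk uses a plain trailing `#-i` for the same purpose, so one convention for disabled commands would read more clearly.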