

Mozilla Sops

# wget https://github.com/getsops/sops/releases/download/v3.11.0/sops-v3.11.0.linux.amd64
(The same release page publishes a checksum file for the binaries; compare the download against it before moving it into /usr/local/bin.)

# mv sops-v3.11.0.linux.amd64 /usr/local/bin/sops

# chmod +x /usr/local/bin/sops

# VAULT_ADDR=http://server.corpX.un:8200

#  export VAULT_TOKEN=hKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKU
(The token value shown is a placeholder. The command is entered with a leading space, presumably so that with `HISTCONTROL=ignorespace` set the token is not written to the shell history.)

~/openvpn1# sops encrypt --hc-vault-transit $VAULT_ADDR/v1/transit/keys/ansible-openvpn1 openvpn1/files/server.key --in-place

~/openvpn1# cat openvpn1/files/server.key

~/openvpn1# sops decrypt openvpn1/files/server.key -i

~/openvpn1|gowebd-k8s# cat .sops.yaml
# sops uses the first creation_rule whose path_regex matches the file being
# encrypted; rules listed after a matching one are not consulted.
creation_rules:
  # Ansible inventory: only the values of keys matching encrypted_regex are
  # encrypted; every other key in the file stays in cleartext.
  - path_regex: inventory.yaml
    encrypted_regex: ansible_ssh_user|^ansible.*pass
    # NOTE(review): the transit URI uses plain http, so the data key sent to
    # Vault for wrapping is not protected on the wire.
    hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/ansible-openvpn1"
  # Private key file: no encrypted_regex, so the whole file content is encrypted.
  - path_regex: openvpn1/files/server.key
    hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/ansible-openvpn1"
  # Disabled rule for the Helm chart values; it points at a separate transit key.
#  - path_regex: webd-chart/values.yaml
#    encrypted_regex: SECRET
#    hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/webd-k8s"
~/openvpn1# sops encrypt inventory.yaml

~/openvpn1# sops -e -i inventory.yaml
~/openvpn1# sops -e -i openvpn1/files/server.key

~/openvpn1# cat inventory.yaml

~/openvpn1# sops edit inventory.yaml

~/openvpn1# sops exec-file inventory.yaml 'echo {}; cat {}'
kube1:~/gowebd-k8s# sops -e -i webd-chart/values.yaml

kube1:~/gowebd-k8s# sops edit webd-chart/values.yaml