mozilla_sops

mozilla_sops [2026/01/18 18:47]
val
mozilla_sops [2026/02/14 17:18] (current)
val
Line 7: Line 7:
  
   * [[https://​stackoverflow.com/​questions/​78211931/​how-to-use-sops-exec-file-with-docker-compose|How to use sops exec-file with docker-compose?​]]   * [[https://​stackoverflow.com/​questions/​78211931/​how-to-use-sops-exec-file-with-docker-compose|How to use sops exec-file with docker-compose?​]]
 +
 +  * [[Hashicorp Vault]]
 +  * Сервис Ansible [[Сервис Ansible#​Роль OpenVPN сервера]]
  
 <​code>​ <​code>​
Line 15: Line 18:
 # chmod +x /​usr/​local/​bin/​sops # chmod +x /​usr/​local/​bin/​sops
  
-# cat vault_example.yml +# VAULT_ADDR=http://​server.corpX.un:8200
-a: Hello +
-b: World +
- +
-# VAULT_ADDR=http://​server.corp13.un:8200+
  
 #  export VAULT_TOKEN=hKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKU #  export VAULT_TOKEN=hKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKU
  
-~/openvpn1# sops encrypt --hc-vault-transit $VAULT_ADDR/​v1/​transit/​keys/​ansible-openvpn1 openvpn1/​files/​server.key ​#-i+~/openvpn1# sops encrypt --hc-vault-transit $VAULT_ADDR/​v1/​transit/​keys/​ansible-openvpn1 openvpn1/​files/​server.key --in-place
  
 ~/openvpn1# cat openvpn1/​files/​server.key ~/openvpn1# cat openvpn1/​files/​server.key
  
-~/openvpn1# sops decrypt ​--hc-vault-transit $VAULT_ADDR/​v1/​transit/​keys/​ansible-openvpn1 ​openvpn1/​files/​server.key ​#-i +~/openvpn1# sops decrypt openvpn1/​files/​server.key -i
- +
-~/openvpn1# cp inventory.yaml inventory4.yaml+
  
-~/openvpn1# cat .sops.yaml+# cat .sops.yaml
 </​code><​code>​ </​code><​code>​
 creation_rules:​ creation_rules:​
-  - path_regex: ​inventory4.yaml+  - path_regex: ​inventory.yaml
     encrypted_regex:​ ^ansible.*pass     encrypted_regex:​ ^ansible.*pass
-    hc_vault_transit_uri:​ "​http://​server.corp13.un:​8200/​v1/​transit/​keys/​ansible-openvpn1"​+    hc_vault_transit_uri:​ "​http://​server.corpX.un:​8200/​v1/​transit/​keys/​ansible-openvpn1"​
   - path_regex: openvpn1/​files/​server.key   - path_regex: openvpn1/​files/​server.key
-    hc_vault_transit_uri:​ "​http://​server.corp13.un:​8200/​v1/​transit/​keys/​ansible-openvpn1"​+    hc_vault_transit_uri:​ "​http://​server.corpX.un:​8200/​v1/​transit/​keys/​ansible-openvpn1
 +#  - path_regex: keycloak-db-secret.yaml 
 +#    hc_vault_transit_uri:​ "​http://​server.corpX.un:​8200/​v1/​transit/​keys/​my-pgcluster"​ 
 +#  - path_regex: values.yaml 
 +#    encrypted_regex:​ adminPassword|password 
 +#    hc_vault_transit_uri:​ "​http://​server.corpX.un:​8200/​v1/​transit/​keys/​my-keycloak"
 </​code><​code>​ </​code><​code>​
-~/openvpn1# sops encrypt ​inventory4.yaml -i+~/openvpn1# sops encrypt ​inventory.yaml
  
-~/openvpn1# sops encrypt ​openvpn1/​files/​server.key ​-i+~/​openvpn1# ​ 
 +sops -e -i inventory.yaml 
 +sops -e -i openvpn1/​files/​server.key
  
-~/openvpn1# cat inventory4.yaml+~/openvpn1# cat inventory.yaml
  
-~/openvpn1# sops edit inventory4.yaml+~/openvpn1# sops edit inventory.yaml
  
-~/openvpn1# sops exec-file ​inventory4.yaml 'echo {}; cat {}'+~/openvpn1# sops exec-file ​inventory.yaml 'echo {}; cat {}'
  
-~/openvpn1# sops exec-file --no-fifo inventory4.yaml '​ansible-playbook openvpn1.yaml -i {}'+~/openvpn1# ###sops --i inventory.yaml
 </​code>​ </​code>​
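Review bot: The new side of the `.sops.yaml` block drops the closing quote on the second rule, `hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/ansible-openvpn1` — in YAML an unterminated double-quoted scalar runs on into the following `#  - path_regex: ...` lines (they stop being comments) and the file fails to parse, so the later `sops -e -i openvpn1/files/server.key` would have no usable creation rule; restore it to `hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/ansible-openvpn1"`. The step `sops decrypt openvpn1/files/server.key -i` rewrites the private key in plaintext on disk until the later `sops -e -i` re-encrypts it; a short remark there that the file must not be committed or left in that state, or decrypting to stdout / using `sops exec-file` as the page already does for `inventory.yaml`, would close that window. `VAULT_ADDR` and the transit URIs use plain `http://`, so the Vault token and the data keys sent to the transit endpoint cross the network unencrypted unless this is a lab network; worth one sentence of caveat. The final `###sops --i inventory.yaml` reads as leftover scratch (`--i` does not appear to be a sops flag; in-place is `-i`/`--in-place`) and replaces the removed `sops exec-file --no-fifo inventory.yaml 'ansible-playbook openvpn1.yaml -i {}'` example, which was the more useful illustration of running a playbook without writing the decrypted inventory to disk.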
  
mozilla_sops.1768751224.txt.gz · Last modified: 2026/01/18 18:47 by val