mozilla_sops [2026/02/03 19:06] val |
mozilla_sops [2026/02/14 17:18] (current) val |
| Line 7: | Line 7: | ||
| * [[https://stackoverflow.com/questions/78211931/how-to-use-sops-exec-file-with-docker-compose|How to use sops exec-file with docker-compose?]] | * [[https://stackoverflow.com/questions/78211931/how-to-use-sops-exec-file-with-docker-compose|How to use sops exec-file with docker-compose?]] | ||
| + | |||
| + | * [[Hashicorp Vault]] | ||
| + | * Сервис Ansible [[Сервис Ansible#Роль OpenVPN сервера]] | ||
| <code> | <code> | ||
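Review bot: the empty bullet row inserted before the two new links (the `+ |` line between the docker-compose link and `[[Hashicorp Vault]]`) ends the DokuWiki list, so the new items render as a second list instead of continuing the first; drop the blank line so the three links stay in one list. Since the rest of the list is in English, the `Сервис Ansible` bullet could carry an English label in front of its `[[Сервис Ansible#Роль OpenVPN сервера]]` target, for example "Ansible service (OpenVPN server role)".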
| Line 19: | Line 22: | ||
| # export VAULT_TOKEN=hKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKU | # export VAULT_TOKEN=hKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKU | ||
| - | ~/openvpn1# sops encrypt --hc-vault-transit $VAULT_ADDR/v1/transit/keys/ansible-openvpn1 openvpn1/files/server.key #-i | + | ~/openvpn1# sops encrypt --hc-vault-transit $VAULT_ADDR/v1/transit/keys/ansible-openvpn1 openvpn1/files/server.key --in-place |
| ~/openvpn1# cat openvpn1/files/server.key | ~/openvpn1# cat openvpn1/files/server.key | ||
| - | ~/openvpn1# sops decrypt --hc-vault-transit $VAULT_ADDR/v1/transit/keys/ansible-openvpn1 openvpn1/files/server.key #-i | + | ~/openvpn1# sops decrypt openvpn1/files/server.key -i |
| - | ~/openvpn1# cat .sops.yaml | + | # cat .sops.yaml |
| </code><code> | </code><code> | ||
| creation_rules: | creation_rules: | ||
| - path_regex: inventory.yaml | - path_regex: inventory.yaml | ||
| encrypted_regex: ^ansible.*pass | encrypted_regex: ^ansible.*pass | ||
| - | hc_vault_transit_uri: "http://server.corp13.un:8200/v1/transit/keys/ansible-openvpn1" | + | hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/ansible-openvpn1" |
| - path_regex: openvpn1/files/server.key | - path_regex: openvpn1/files/server.key | ||
| - | hc_vault_transit_uri: "http://server.corp13.un:8200/v1/transit/keys/ansible-openvpn1" | + | hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/ansible-openvpn1" |
| + | # - path_regex: keycloak-db-secret.yaml | ||
| + | # hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/my-pgcluster" | ||
| + | # - path_regex: values.yaml | ||
| + | # encrypted_regex: adminPassword|password | ||
| + | # hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/my-keycloak" | ||
| </code><code> | </code><code> | ||
| - | ~/openvpn1# sops encrypt inventory.yaml -i | + | ~/openvpn1# sops encrypt inventory.yaml |
| + | |||
| + | ~/openvpn1# | ||
| + | sops -e -i inventory.yaml | ||
| + | sops -e -i openvpn1/files/server.key | ||
| ~/openvpn1# cat inventory.yaml | ~/openvpn1# cat inventory.yaml | ||
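Review bot: both live `hc_vault_transit_uri` values in `.sops.yaml` (and the commented-out ones below them) still point at `http://server.corpX.un:8200`, so every encrypt and decrypt sends the `VAULT_TOKEN` and the file's data key to the transit endpoint in cleartext; move the URIs (and `VAULT_ADDR`) to `https://` with a CA the client trusts before this is used for `openvpn1/files/server.key`. Two smaller points in the same hunk: the new `sops encrypt inventory.yaml` line has no `-i`, so it only prints ciphertext to stdout and leaves the plaintext file on disk, and it is the later `sops -e -i inventory.yaml` that actually does the work, so either add `-i` to the first command or drop it; and `export VAULT_TOKEN=...` typed at the prompt lands in shell history, so read the token from a file with restricted permissions or keep the line out of history.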
| Line 41: | Line 53: | ||
| ~/openvpn1# sops exec-file inventory.yaml 'echo {}; cat {}' | ~/openvpn1# sops exec-file inventory.yaml 'echo {}; cat {}' | ||
| + | |||
| + | ~/openvpn1# ###sops -d -i inventory.yaml | ||
| </code> | </code> | ||
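Review bot: the commented `###sops -d -i inventory.yaml` added after the `exec-file` line rewrites `inventory.yaml` with the secrets in clear, which is exactly what `exec-file` is there to avoid; if it stays as a reminder, say so next to it, otherwise remove it. Beside `sops exec-file inventory.yaml 'echo {}; cat {}'` it is worth noting that `{}` is a FIFO by default and can only be read once, so a consumer that opens the file more than once (the docker-compose case linked at the top of the page) needs `--no-fifo`.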