pyrocufflink: Encrypt root password with age
Since we are encrypting an inventory variable with a very wide scope
here, essentially every play needs the Ansible Vault password.
Encrypting the value with `age` and only decrypting it when its used (by
the *base* role), the key is only necessary when provisioning a new
machine.
This value is encrypted using the following age key:
age197zq0l27nwxj74d4pmpat6kqqth235mdc0ggmfm3006v0fy7advsg9ljts
no-vault-in-inventory
parent
e3d0b5e918
commit
1ac58c5148
|
|
@ -1,15 +0,0 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
61356562653238383736396230336365316334303632343731303938326232336566653863376332
|
|
||||||
3533306661663236613836643137656339633534653732340a303636616465616563353530373738
|
|
||||||
31303965383836653831366632323366356631303436323132613731326534393730373036363761
|
|
||||||
3532633438353364650a356137383232316131653638383465616337373139396266316633343930
|
|
||||||
39356137363036663536646436363135353431396433366163666664376164353838316466653165
|
|
||||||
61343738326232393366646361383263633532613630663835623365616233646634373432343731
|
|
||||||
39353462643438316636353539353035323639623031346665646437636366363637383530343034
|
|
||||||
65346538363733303339313130613639663566396435336564326432333461323332336239323435
|
|
||||||
62336166386431383936306664663163373939316433373233643134303438656137303735656434
|
|
||||||
33343438653733663238316134393632376666306530376464616535623732363162396634623963
|
|
||||||
66616534636439343135313630643735623063376231393961643961356231303536626361383636
|
|
||||||
31386131353836333432376461343736653964393030656135333337393966363136613438663439
|
|
||||||
66316363393334666336623736613437616637306235656532366231623666313332343665616561
|
|
||||||
3835633439353139626438663263343865383863663832623437
|
|
||||||
|
|
@ -0,0 +1,17 @@
|
||||||
|
root_password: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSY3JZdjhyKzhVYUloZ1Vn
|
||||||
|
Y1NZSHVaNDJLRjZBVkdvNHhSR2d5Q0JMc3djCmszc0ozTFVObFBhWEl4WExYd3pp
|
||||||
|
d2IzSGExUlI3eGtDOTBJejRjTWoveDgKLS0tIHNxa1NMYmduM2ZDWHNKWUw0M21N
|
||||||
|
Z1J3MU10bXRmendiN2M1VWVxb1Brc1EKslZr6qvtp1RCGl2+9fbuHY34+qS5xQRE
|
||||||
|
BqegwvR31NA1/I3ULLEmem7/ysdH/qWemlSvkIhmITExDTiNQ7IWiw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
root_password_hash: >-
|
||||||
|
{{
|
||||||
|
root_password
|
||||||
|
| decrypt
|
||||||
|
| password_hash(
|
||||||
|
'sha512',
|
||||||
|
65534 | random(seed=inventory_hostname) | string
|
||||||
|
)
|
||||||
|
}}
|
||||||
Loading…
Reference in New Issue