![]() ![]() Having a passphrase is up to you and your security requirements. I simply cancel and choose to not enter a passphrase for simplicity. You will be prompted to enter a passphrase twice by the GPGSuite tool. ❯ brew cask install gpg-suite-no-mail GPG Key Generation # Then fill a proper name and an email address. I keep the RSA & RSA default, # 4096 for the key length and no expiration (update to your needs). To install the tools, I simply used homebrew. GPGSuite (an utility to manage the keys and to integrate with the Apple Ke圜hain easily).gpg2 (the core util to manage the keys and to encrypt/decrypt the files).On Mac OS X, I installed the following tools: I will try to introduce briefly the GPG solution for those who have some interest in this possibility. I want to use HashiCorp Vault because it seems to be a complete solution even for the community edition. As already explained, for my lab, my goal is to explore as much as possible of technologies. ![]() This is what we implemented in my job.įinally, you can find other solution like Ansible Vault which are far more complete and addresses larger use cases. When you do not have hundreds of secrets, this solution is enough. This is quite simple, not too difficult to put in place. You can also build your own solution with ansible var files (yaml files) that you “simply” encrypt with a solution like GPG. We can debate if storing the encrypted file is a good or a bad idea on GitHub, but at least it is far better than having clear text files with credentials on such platform □. I used this in the past to store my different playbooks and roles in GitHub. In addition, you can use multiple Vaults and organize them with your inventories.ĭoing so helps you to organize and constrain the secrets related to the inventory. The mechanism offered by Ansible is built in and can be enough for various use cases. You can use Ansible Vault which allow to encrypt all your sensitive information. To store secrets, credentials, certificates with Ansible, you have several possibilities. Photo by Jan Antonin Kolar on Unsplash Introduction ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |