Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs(ansible): read from keepass (#34)
Showing 12 changed files with 49 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
# Ansible reads from KeePass | ||
|
||
For small projects, I'd still like to handle their credentials carefully while keeping the effort small. | ||
|
||
Since KeePass is a low-effort Password Manager, why not get automation tools to read credentials from KeePass? | ||
Then, having been read, those credentials are available for downstream processes. | ||
|
||
More details are in the [TIL entry](https://til.juliusgamanyi.com/posts/ansible-read-from-keypass/). |
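
Review bot: The README added here never says what is needed to run the example; it only links out to the TIL entry. get_from_keepass.yml depends on the `viczem.keepass.keepass` lookup, so a short prerequisites and usage section (install the collection, which directory to run the playbook from) would let the example stand on its own. Since the text talks about handling credentials carefully, it should also state whether the KeePass database and password files under securevars/files/ are throwaway demo values.
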
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
3.11.0 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
[defaults] | ||
inventory = hosts | ||
# pre-create two vault password files | ||
vault_identity_list = inline@securevars/files/.inline_pass, files@securevars/files/.files_pass |
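
Review bot: Both entries in `vault_identity_list` point at password files inside the role's files/ directory, and this same commit adds those files with their contents in clear, so anything encrypted under the `inline` or `files` identity can be decrypted by anyone with read access to the repository. For anything beyond a demo, keep the password files outside the working tree (or list them in .gitignore) and reference them from there. The comment "pre-create two vault password files" should say that explicitly.
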
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
# useful for testing locally. | ||
# https://docs.ansible.com/ansible/latest/inventory/implicit_localhost.html | ||
localhost ansible_connection=local ansible_python_interpreter="{{ansible_playbook_python}}" gather_facts=false |
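
Review bot: `gather_facts=false` on the localhost line is set as an inventory host variable, but `gather_facts` is a play keyword, so it has no effect here and the play in this commit, which does not set it, will still gather facts. Move it into the play as `gather_facts: false` and drop it from the inventory line.
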
1 change: 1 addition & 0 deletions
ansible/ansible-reads-keypass/ansible/securevars/files/.files_pass
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
use-this-to-encrypt-files |
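
Review bot: Nothing in this commit is encrypted under the `files` vault identity; the only vaulted value, `keepass_psw` in host_vars/localhost.yaml, carries the `inline` label. Either drop this file and its entry in `vault_identity_list`, or add the file-level encryption example it is meant for.
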
1 change: 1 addition & 0 deletions
ansible/ansible-reads-keypass/ansible/securevars/files/.inline_pass
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
use-this-to-encrypt-strings |
Binary file added (+2.23 KB)
ansible/ansible-reads-keypass/ansible/securevars/files/AnsibleTilPrototype.kdbx
Binary file not shown.
1 change: 1 addition & 0 deletions
ansible/ansible-reads-keypass/ansible/securevars/files/keepass.secret
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
keypass_passwd: S4per S3cret |
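
Review bot: This line stores what appears to be the KeePass master password in clear text, in the same directory as AnsibleTilPrototype.kdbx; if it is the same value as the vault-encrypted `keepass_psw` in host_vars/localhost.yaml, that encryption protects nothing. None of the tasks in this commit reference the file, and the key is spelled `keypass_passwd` while the variable is `keepass_psw`. If it was only the input to `ansible-vault encrypt_string`, delete it from the commit; if it has to stay for the demo, say so in the README.
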
11 changes: 11 additions & 0 deletions
ansible/ansible-reads-keypass/ansible/securevars/host_vars/localhost.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
## vars for module, viczem.keepass | ||
# Socket TTL in seconds | ||
keepass_ttl: 10 | ||
keepass_dbx: "securevars/files/AnsibleTilPrototype.kdbx" | ||
keepass_psw: !vault | | ||
$ANSIBLE_VAULT;1.2;AES256;inline | ||
62633933306634396266633938353930666338656666633632383134656662653764326234636435 | ||
6333663362386636623738376538616361343036653838330a333338383765306666646562306335 | ||
66643162373032323533386638336531626535373532326439633262323035373232343461323731 | ||
3865326161376265660a333939316535303938333739333661313437396633623761663937613938 | ||
36316365393563363631313637346532646561363735343038663934663863313161 |
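
Review bot: `keepass_dbx` is a bare relative path, `securevars/files/AnsibleTilPrototype.kdbx`, so whether the database is found depends on the directory the playbook is started from. Since this file is loaded from inside the securevars role, consider anchoring the path to the role directory (for example via `role_path`). The `# Socket TTL in seconds` comment could also say what the socket is for, as nothing else in the commit explains it.
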
8 changes: 8 additions & 0 deletions
ansible/ansible-reads-keypass/ansible/securevars/tasks/get_from_keepass.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
- name: get vars | ||
ansible.builtin.include_vars: host_vars/localhost.yaml | ||
no_log: True | ||
|
||
# see https://docs.ansible.com/ansible/latest/collections/ansible/builtin/set_fact_module.html | ||
# item on left-side of equals is what was passed into this task. | ||
# after lookup in keepass, item is set again | ||
- ansible.builtin.set_fact: "{{ item }}={{ lookup('viczem.keepass.keepass', 'AnsibleWithKeePass/{{ item }}', 'username') }}" |
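
Review bot: The `ansible.builtin.set_fact` task on the last line has no `no_log`, unlike the `include_vars` task above it, so the value fetched from KeePass can show up in task output and logs; add `no_log: true` and a `name:`. The lookup argument `'AnsibleWithKeePass/{{ item }}'` also nests `{{ }}` inside an expression that is already templated; `'AnsibleWithKeePass/' ~ item` does the same without nesting. The lookup reads the `username` field, which deserves a comment if the stated goal is reading credentials.
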
8 changes: 8 additions & 0 deletions
ansible/ansible-reads-keypass/ansible/securevars/tasks/main.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
# call task 'get_from_keepass.yml', passing to it, 'test_a' | ||
- include_tasks: get_from_keepass.yml | ||
with_items: | ||
- "test_a" | ||
|
||
- name: Display KeePass Output | ||
debug: | ||
msg: "Keepass Output is '{{ test_a }}' " |
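
Review bot: The `Display KeePass Output` task prints the value just read from KeePass; that is harmless while the lookup returns the `username` field, but it will leak a secret as soon as someone copies the pattern for a password. Mark it as demo-only in a comment or put it behind a verbosity level (`verbosity: 2` on `debug`). Style: this file uses `include_tasks` and `debug` while get_from_keepass.yml uses `ansible.builtin.` names, and `with_items` could be `loop`.
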
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
- hosts: localhost | ||
roles: | ||
- securevars |