-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
85 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
include::_attributes.adoc[] | ||
|
||
== Fill in the credentials | ||
|
||
The export process is creating files for all the credentials that match the exportation filters, but these generated files are not fully populated, so they must be populated manually: | ||
|
||
.Just after the export process | ||
[.console-input] | ||
[source,console] | ||
---- | ||
$ cat configs/controller/AWX-ORG/credentials/2_AWX-Machine\ Credential.yaml | ||
--- | ||
controller_credentials: | ||
- name: "AWX-Machine Credential" | ||
description: "" | ||
credential_type: "Machine" | ||
organization: "AWX-ORG" | ||
inputs: | ||
password: '' | ||
username: admin | ||
... | ||
---- | ||
|
||
NOTE: Any text editor can be used to fill in the credentials. | ||
|
||
.Once filled in the credentials | ||
[.console-input] | ||
[source,console] | ||
---- | ||
$ vim configs/awx/AWX-ORG/credentials/2_AWX-Machine\ Credential.yaml | ||
$ cat configs/awx/AWX-ORG/credentials/2_AWX-Machine\ Credential.yaml | ||
--- | ||
controller_credentials: | ||
- name: "AWX-Machine Credential" | ||
description: "" | ||
credential_type: "Machine" | ||
organization: "AWX-ORG" | ||
inputs: | ||
password: "{{ vaulted_machine_password }}" | ||
username: "{{ vaulted_machine_username }}" | ||
... | ||
---- | ||
|
||
As can be seen, the proposal here is to use some variables, that will be defined into a separare vaulted yaml file, so no credentials in plain text will be uploaded to the git repository: | ||
|
||
[.console-input] | ||
[source,console] | ||
---- | ||
$ cat > my_vars/vaulted-credentials.yaml <<EOF | ||
--- | ||
vaulted_machine_username: admin | ||
vaulted_machine_password: verysecretpassword | ||
... | ||
EOF | ||
$ ansible-vault encrypt --vault-password-file .vault-password my_vars/vaulted-credentials.yaml | ||
Encryption successful | ||
---- |