From 4fb2b7000483b264a2a001cbd0604a7f3947e1e6 Mon Sep 17 00:00:00 2001
From: Michael Housh
Date: Wed, 27 Nov 2024 10:02:12 -0500
Subject: [PATCH] fix: Fixes ansible config and environment variables to utilize the vault-gopass-client file

---
 ansible/ansible.cfg | 4 +-
 scripts/scripts/vault-gopass | 78 ------------------------------------
 zsh/config/.zshenv | 4 +-
 3 files changed, 4 insertions(+), 82 deletions(-)
 delete mode 100755 scripts/scripts/vault-gopass

diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index dda8552..54901cc 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -261,10 +261,10 @@ roles_path={{ ANSIBLE_HOME ~ "~/.local/ansible/roles:/roles:/usr/share/ansible/r
 ;vars_plugins={{ ANSIBLE_HOME ~ "/plugins/vars:/usr/share/ansible/plugins/vars" }}
 
 # (string) The vault_id to use for encrypting by default. If multiple vault_ids are provided, this specifies which to use for encryption. The --encrypt-vault-id cli option overrides the configured value.
-;vault_encrypt_identity=
+vault_encrypt_identity=michael
 
 # (string) The label to use for the default vault id label in cases where a vault id label is not provided
-;vault_identity=default
+vault_identity=michael
 
 # (list) A list of vault-ids to use by default. Equivalent to multiple --vault-id args. Vault-ids are tried in order.
 ;vault_identity_list=
diff --git a/scripts/scripts/vault-gopass b/scripts/scripts/vault-gopass
deleted file mode 100755
index 9c2e245..0000000
--- a/scripts/scripts/vault-gopass
+++ /dev/null
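Review bot: The label `michael` is hard-coded in both `vault_encrypt_identity=michael` and `vault_identity=michael` in ansible/ansible.cfg, with nothing recording where that label has to resolve. With a `-client` password script Ansible passes the default label as `--vault-id`, so the secret store presumably needs an entry under that id (the deleted vault-gopass looked up `ansible/<id>`); the replacement script is not part of this patch, so that is inferred. I would add a comment above the first setting, e.g. `# label is handed to the vault client script as --vault-id; a matching gopass entry must exist`. Files already encrypted under the `default` label keep that label in their header, so it is worth confirming they still decrypt with the new default.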
@@ -1,78 +0,0 @@ -#!/usr/bin/env zsh -# -# An adapter script to use gopass to store and retrieve passwords for ansible vault. -# -# When calling from ansible vault it get's passed --vault-id [ID] which is the id -# of the secret to retrieve. -# - -local secretPath="ansible" - -function usage() { - cat <'. - - Usage: vault-gopass [-s | --set] [-g | --generate] [--vault-id ] [ID] - - -s | --set: Set a new secret for the given ID. - -g | --generate: Used with the set option to automatically generate the secret. - --vault-id : Used to retrieve a secret for the given ID. - -h | --help: Show this usage message. - - Examples: - - # Automatically generate a secret for the 'foo' id. - $ vault-gopass --set --generate foo - - # Retrieve the secret for 'foo' and print it to stdout. - $ vault-gopass --vault-id foo - -EOF -} - -# parse the passed in options, failing if unrecognized options are given. -zparseopts -D -E -F - \ - g=generateFlag -generate=generateFlag \ - h=helpFlag -help=helpFlag \ - s=setFlag -set=setFlag \ - -vault-id:=vaultId \ - || exit 1 - -# check for the help flag, show usage and exit. -[ ${#helpFlag} = 1 ] && usage && exit 0 - -if [ ${#vaultId} = 2 ]; then - # we received the vault-id option, so we print the - # secret to stdout - gopass show --password "$secretPath/${vaultId[-1]}" - -elif [ ${#setFlag} = 1 ]; then - - # Use the first argument as the id, we ask for an id - # if not supplied. - local id=$1 - if [ "$id" = "" ]; then - read -r id\?"Vault ID: " - fi - - # Check for generate flag to automatically generate a password. - [ ${#generateFlag} = 1 ] \ - && gopass generate "$secretPath/$id" 24 \ - && exit 0 - - # Insert a password prompting the user to supply it. - gopass insert "$secretPath/$id" -fi diff --git a/zsh/config/.zshenv b/zsh/config/.zshenv index 9fddc19..72d1844 100755 --- a/zsh/config/.zshenv +++ b/zsh/config/.zshenv 
@@ -78,8 +78,8 @@ export VAULT_ADDR="https://vault.housh.dev"
 
 # Ansible
 export ANSIBLE_HOME="$XDG_CONFIG_HOME/ansible"
-export ANSIBLE_VAULT_PASSWORD_FILE="$XDG_DATA_HOME/ansible/.vaultpwd"
-export DEFAULT_VAULT_PASSWORD_FILE="$XDG_DATA_HOME/ansible/.vaultpwd"
+export ANSIBLE_VAULT_PASSWORD_FILE="$SCRIPTS/vault-gopass-client"
+export DEFAULT_VAULT_PASSWORD_FILE="$SCRIPTS/vault-gopass-client"
 
 # Tmux-Sessionator path.
 export TMUX_SESSIONATOR_PATH="$HOME:$SCRIPTS:$LOCAL_REPOS:$REPOS:$ANSIBLE_LOCAL:$GHREPOS:$HVACIOTREPOS"
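Review bot: Pointing `ANSIBLE_VAULT_PASSWORD_FILE` at `$SCRIPTS/vault-gopass-client` only works as a secret lookup while that file is executable. Ansible runs an executable password file (passing `--vault-id` because the name ends in `-client`) but reads a non-executable one as the password text itself, so a lost mode bit would silently encrypt with the script's source. I would add a comment above the two exports, e.g. `# must stay executable: Ansible runs it with --vault-id, otherwise the file's text becomes the password`. `$SCRIPTS` also has to be set before this point in .zshenv, which the hunk does not show; if it is empty the path collapses to `/vault-gopass-client`. The plaintext `$XDG_DATA_HOME/ansible/.vaultpwd` is no longer referenced but is presumably still on disk and worth removing once the gopass lookup is confirmed.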