document how to set up secrets using SOPS for a new host
Some checks failed
/ Ansible Lint (push) Failing after 1m43s
Some checks failed
/ Ansible Lint (push) Failing after 1m43s
This commit is contained in:
parent
eb70df37f1
commit
66e2e354b1
SSH key fingerprint:
SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
2 changed files with 17 additions and 0 deletions
15
docs/setting_up_secrets_using_sops_for_a_new_host.md
Normal file
15
docs/setting_up_secrets_using_sops_for_a_new_host.md
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
# Setting Up Secrets Using SOPS for a New Host
|
||||
|
||||
1. Add a new creation rule for the hosts resources directory.
|
||||
It should probably hold all admin keys.
|
||||
You can use existing creation rules as a reference.
|
||||
2. Create a file containing the relevant secrets in the hosts resources directory.
|
||||
This can be accomplished with a command similar to this:
|
||||
```
|
||||
sops resources/[chaosknoten|z9]/HOSTNAME/secrets.yaml
|
||||
```
|
||||
3. In the following an example on how to then use the `community.sops.sops` lookup plugin to use a secret for a host.
|
||||
In this particular instance the lookup plugin gets used to set the `nextcloud__postgres_password` variable in an inventories `host_vars` file to the secret value of the `DB_PASSWORD` YAML key:
|
||||
```yaml
|
||||
nextcloud__postgres_password: "{{ lookup('community.sops.sops', 'resources/chaosknoten/cloud/secrets.yaml', extract='[\"DB_PASSWORD\"]') }}"
|
||||
```
|
||||
Loading…
Add table
Add a link
Reference in a new issue