Skip to content

miska/atpass

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 

Repository files navigation

atpass - Password store renderer for Salt Stack

This is a custom renderer for SaltStack. It is using awesome Password Store project to store the secrets.

Usage

This renderer expects to be run after data rendered, so it will have a structure at the input. Typically you want to specify the following shebang in your pillar/state.

#!jinja|yaml|atpass

That way, you have ordinary jinja|yaml parsing, but at the end, secrets are propagated from Password Store as well.

Generally it ignores any element except those with values starting with @pass. Those will be expanded if possible. After a key word, it expects the list of possible paths within Password Store. You can provide multiple paths, first one that succeeds is used. If none exists, the origin value is used. This allows you to specify the default value and override it in specific cases. For example like this:

#!jinja|yaml|atpass

mysql:
  server:
    root_password: "@pass mysql/{{ grains['id'] }}/root mysql/default/root"

About

Password Store renderer fo Salt Stack

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages