From 14785fa0d1f823734f1b8e7cc70ace87b31052a7 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Fri, 8 Mar 2024 11:22:45 -0300
Subject: Fix: docs: TPC: password management through hiera-eyaml
---
 docs/tpc.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/docs/tpc.md b/docs/tpc.md
index de3203a..7e452c3 100644
--- a/docs/tpc.md
+++ b/docs/tpc.md
@@ -66,6 +66,7 @@ If you already have the secret somewhere, you can use a construction like this
 which already adds the eyaml block into the hiera config file:
 
 keyringer $HYDA decrypt /path/to/some/secret | \
+ tr -d '\n' | \
 hydra $HYDRA eyaml $VOLNAME encrypt -q -o block --stdin -l some::password >> \
 $CONFIG_FOLDER/puppet/config/secrets/node/$VOLNAME.$DOMAIN.yaml
 
@@ -73,19 +74,22 @@ You can also ensure a fresh random passphrase is used, using your favourite
 generator like this:
 
 head -c ${1:-20} /dev/urandom | base64 | \
+ tr -d '\n' | \
 hydra $HYDRA eyaml $VOLNAME encrypt -q -o block --stdin -l some::random:password >> \
 $CONFIG_FOLDER/puppet/config/secrets/node/$VOLNAME.$DOMAIN.yaml
 
 For `passwd(5)` and `shadow(5)` hashed passphrases, use something like this:
 
 mkpasswd -m sha-512 | \
+ tr -d '\n' | \
 hydra $HYDRA eyaml $VOLNAME encrypt -q -o block --stdin -l some::random:password >> \
 $CONFIG_FOLDER/puppet/config/secrets/node/$VOLNAME.$DOMAIN.yaml
 
 Or this, for a random passphrase:
 
 head -c ${1:-20} /dev/urandom | base64 | \
- mkpasswd -m sha-512 --stdin | \
+ mkpasswd -m sha-512 --stdin | \
+ tr -d '\n' | \
 hydra $HYDRA eyaml $VOLNAME encrypt -q -o block --stdin -l some::random:password >> \
 $CONFIG_FOLDER/puppet/config/secrets/node/$VOLNAME.$DOMAIN.yaml
 
--
cgit v1.2.3