diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2024-03-08 11:22:45 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2024-03-08 11:22:45 -0300 |
commit | 14785fa0d1f823734f1b8e7cc70ace87b31052a7 (patch) | |
tree | 4cea942ca50a1449ddbed016092d6b14cdc37bc6 /docs | |
parent | 3e754e2a0fa49b9e1cff4a09f648dc23c57944c3 (diff) | |
download | hydra-14785fa0d1f823734f1b8e7cc70ace87b31052a7.tar.gz hydra-14785fa0d1f823734f1b8e7cc70ace87b31052a7.tar.bz2 |
Fix: docs: TPC: password management through hiera-eyaml
Diffstat (limited to 'docs')
-rw-r--r-- | docs/tpc.md | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/docs/tpc.md b/docs/tpc.md index de3203a..7e452c3 100644 --- a/docs/tpc.md +++ b/docs/tpc.md @@ -66,6 +66,7 @@ If you already have the secret somewhere, you can use a construction like this which already adds the eyaml block into the hiera config file: keyringer $HYDA decrypt /path/to/some/secret | \ + tr -d '\n' | \ hydra $HYDRA eyaml $VOLNAME encrypt -q -o block --stdin -l some::password >> \ $CONFIG_FOLDER/puppet/config/secrets/node/$VOLNAME.$DOMAIN.yaml @@ -73,19 +74,22 @@ You can also ensure a fresh random passphrase is used, using your favourite generator like this: head -c ${1:-20} /dev/urandom | base64 | \ + tr -d '\n' | \ hydra $HYDRA eyaml $VOLNAME encrypt -q -o block --stdin -l some::random:password >> \ $CONFIG_FOLDER/puppet/config/secrets/node/$VOLNAME.$DOMAIN.yaml For `passwd(5)` and `shadow(5)` hashed passphrases, use something like this: mkpasswd -m sha-512 | \ + tr -d '\n' | \ hydra $HYDRA eyaml $VOLNAME encrypt -q -o block --stdin -l some::random:password >> \ $CONFIG_FOLDER/puppet/config/secrets/node/$VOLNAME.$DOMAIN.yaml Or this, for a random passphrase: head -c ${1:-20} /dev/urandom | base64 | \ - mkpasswd -m sha-512 --stdin | \ + mkpasswd -m sha-512 --stdin | \ + tr -d '\n' | \ hydra $HYDRA eyaml $VOLNAME encrypt -q -o block --stdin -l some::random:password >> \ $CONFIG_FOLDER/puppet/config/secrets/node/$VOLNAME.$DOMAIN.yaml |