aboutsummaryrefslogtreecommitdiff
path: root/docs/tpc.md
diff options
context:
space:
mode:
Diffstat (limited to 'docs/tpc.md')
-rw-r--r--docs/tpc.md6
1 files changed, 5 insertions, 1 deletions
diff --git a/docs/tpc.md b/docs/tpc.md
index de3203a..7e452c3 100644
--- a/docs/tpc.md
+++ b/docs/tpc.md
@@ -66,6 +66,7 @@ If you already have the secret somewhere, you can use a construction like this
which already adds the eyaml block into the hiera config file:
keyringer $HYDA decrypt /path/to/some/secret | \
+ tr -d '\n' | \
hydra $HYDRA eyaml $VOLNAME encrypt -q -o block --stdin -l some::password >> \
$CONFIG_FOLDER/puppet/config/secrets/node/$VOLNAME.$DOMAIN.yaml
@@ -73,19 +74,22 @@ You can also ensure a fresh random passphrase is used, using your favourite
generator like this:
head -c ${1:-20} /dev/urandom | base64 | \
+ tr -d '\n' | \
hydra $HYDRA eyaml $VOLNAME encrypt -q -o block --stdin -l some::random:password >> \
$CONFIG_FOLDER/puppet/config/secrets/node/$VOLNAME.$DOMAIN.yaml
For `passwd(5)` and `shadow(5)` hashed passphrases, use something like this:
mkpasswd -m sha-512 | \
+ tr -d '\n' | \
hydra $HYDRA eyaml $VOLNAME encrypt -q -o block --stdin -l some::random:password >> \
$CONFIG_FOLDER/puppet/config/secrets/node/$VOLNAME.$DOMAIN.yaml
Or this, for a random passphrase:
head -c ${1:-20} /dev/urandom | base64 | \
- mkpasswd -m sha-512 --stdin | \
+ mkpasswd -m sha-512 --stdin | \
+ tr -d '\n' | \
hydra $HYDRA eyaml $VOLNAME encrypt -q -o block --stdin -l some::random:password >> \
$CONFIG_FOLDER/puppet/config/secrets/node/$VOLNAME.$DOMAIN.yaml