salt.renderers.pass
Pass Renderer for Salt
pass is an encrypted on-disk password store.
New in version 2017.7.0.
Setup
Note: <user> needs to be replaced with the user salt-master will be running as.
Have private gpg loaded into user's gpg keyring
load_private_gpg_key:
cmd.run:
- name: gpg --import <location_of_private_gpg_key>
- unless: gpg --list-keys '<gpg_name>' Said private key's public key should have been used when encrypting pass entries that are of interest for pillar data.
Fetch and keep local pass git repo up-to-date
update_pass:
git.latest:
- force_reset: True
- name: <git_repo>
- target: /<user>/.password-store
- identity: <location_of_ssh_private_key>
- require:
- cmd: load_private_gpg_key Install pass binary
pass: pkg.installed
-
Fetch secret from pass based on pass_path
salt.renderers.pass.render(pass_info, saltenv='base', sls='', argline='', **kwargs)
© 2021 SaltStack.
Licensed under the Apache License, Version 2.0.
https://docs.saltproject.io/en/latest/ref/renderers/all/salt.renderers.pass.html