salt.renderers.pass
Pass Renderer for Salt
pass is an encrypted on-disk password store.
New in version 2017.7.0.
Setup
Note: <user>
needs to be replaced with the user salt-master will be running as.
Have private gpg loaded into user
's gpg keyring
load_private_gpg_key: cmd.run: - name: gpg --import <location_of_private_gpg_key> - unless: gpg --list-keys '<gpg_name>'
Said private key's public key should have been used when encrypting pass entries that are of interest for pillar data.
Fetch and keep local pass git repo up-to-date
update_pass: git.latest: - force_reset: True - name: <git_repo> - target: /<user>/.password-store - identity: <location_of_ssh_private_key> - require: - cmd: load_private_gpg_key
Install pass binary
pass: pkg.installed
-
Fetch secret from pass based on pass_path
salt.renderers.pass.render(pass_info, saltenv='base', sls='', argline='', **kwargs)
© 2021 SaltStack.
Licensed under the Apache License, Version 2.0.
https://docs.saltproject.io/en/latest/ref/renderers/all/salt.renderers.pass.html