pipe w/o -e

branson matheson branson at sandsite.org
Wed Feb 5 14:23:13 CET 2020


Specifically .. to audit and update passwords in local vault from 1pw vault for ansible. And then use pass to produce the password when needed. If the env var ANSIBLE_VAULT_PASSWORD_FILE is an executable .. Ansible executes it and takes STDOUT as the password .. so the pw is stored encrypted in pass at rest. Very convenient.

for env in ${ENVS}; do
  echo "  - checking ${env}"

  # get password from onepassword (jq -r prints the raw string, so no quotes to strip)
  op_vault_pw=$( ${OP_EXE} get item "${env}_ansible_vault" | jq -r '.details.password' )

  # test for existence and pull and validate
  if [[ -d ${PASS_STORE} && \
        -d ${PASS_STORE}/${env} && \
        -f ${PASS_STORE}/${env}/ansible_vault_password.gpg ]]; then
    pass_vault_pw=$( ${PASS_EXE} "${env}/ansible_vault_password" )
  fi

  # write if needing update
  if [[ -z "${pass_vault_pw}" || \
        "${op_vault_pw}" != "${pass_vault_pw}" ]]; then
    echo "     - updating ${env}/ansible_vault_password password from one password"
    echo -n "${op_vault_pw}" | pass insert -e -f "${env}/ansible_vault_password"
  fi
  unset op_vault_pw
  unset pass_vault_pw

done


ANSIBLE_VAULT_PASSWORD_FILE ...

 > cat bin/ansible_vault_password
#! /bin/sh
# use pass to determine password for this env and return it

pass "${ENV}/ansible_vault_password"


Where I got tripped up is I forgot the -e on the 'pass insert' line .. but didn't get an error.  Hope this makes it more clear.

 - b
branson matheson
branson at sandsite.org
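
The message describes a write that went wrong without any error, so one way to harden the sync step is to read the entry back after `pass insert` and compare it with the intended value. This is an added example, not part of the original message: `store_verified` and its return codes are hypothetical, and `PASS_EXE` is assumed to name the `pass` executable as in the script above.

```shell
#!/bin/sh
# Added example, not the poster's script. store_verified and its return
# codes are hypothetical; PASS_EXE mirrors the variable used in the post.

# store_verified ENTRY SECRET
#   0 = stored and read back identical
#   1 = refused: empty secret, or the literal "null" jq prints for a missing field
#   2 = pass insert reported failure
#   3 = entry unreadable or different after the write (silent failure)
store_verified() {
  sv_entry=$1
  sv_secret=$2
  sv_pass=${PASS_EXE:-pass}

  # Never overwrite a good entry with the result of a failed upstream lookup.
  if [ -z "$sv_secret" ] || [ "$sv_secret" = "null" ]; then
    echo "refusing to store empty/null secret for $sv_entry" >&2
    return 1
  fi

  # -e reads a single line from stdin without the enter-it-twice confirmation,
  # -f overwrites an existing entry without prompting.
  if ! printf '%s\n' "$sv_secret" |
      "$sv_pass" insert -e -f "$sv_entry" >/dev/null 2>&1; then
    echo "pass insert failed for $sv_entry" >&2
    return 2
  fi

  # Do not trust the exit status alone: read the entry back and compare.
  if ! sv_stored=$("$sv_pass" show "$sv_entry" 2>/dev/null) ||
      [ "$sv_stored" != "$sv_secret" ]; then
    echo "verification failed for $sv_entry" >&2
    unset sv_secret sv_stored
    return 3
  fi
  unset sv_secret sv_stored
  return 0
}
```

In the loop above, the `echo -n ... | pass insert` line would become `store_verified "${env}/ansible_vault_password" "${op_vault_pw}" || exit 1`, so a run that stored nothing stops instead of reporting success.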



> On Feb 5, 2020, at 07:36, password-store at storiepvtride.it wrote:
> 
> On 05.02.20 at 00:00, branson matheson wrote:
>> Ran into an issue where 
>> 
>>    echo "password" | pass insert foo/bar/baz 
> 
> Just out of curiosity, what is your use case for that command instead of:
> 
> 	pass generate -i foo/bar/baz
> 
> Cheers,
