forked from paulRbr/ansible-makefile
pass.sh
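#!/usr/bin/env bash
set -e
env=${env:-}
# ########################
#
# Output your vault passphrase within this script
#
# Contract:
#   - stdout carries the passphrase and nothing else.
#   - stderr carries every diagnostic, so a message can never end up
#     inside the passphrase.
#   - The `env` environment variable selects the password-store entry
#     'ansible-vault/<env>'.
#
# ===============
#
# = Recommended approach is to use a password manager:
# 1- GPG encrypted password manager (https://www.passwordstore.org/)
# 2- Vault from Hashicorp for example (https://www.hashicorp.com/blog/vault.html)
# 3- ...
#
# ===============
#
# This script is 1- GPG password manager "pass"
#
# ########################

# Fixed, publicly known placeholder written when no real passphrase is
# available. It is not a secret: anything encrypted while this value is in
# use is effectively unprotected, which is why the warning below is printed.
fallback_pass="invalid_vault_pass"

if ! command -v pass >/dev/null 2>&1; then
  # Previously this case produced no output at all; say why stdout is empty.
  printf '%s\n' "'pass' was not found in PATH; no vault passphrase was written." >&2
else
  existingVault=""
  if [ -n "${env}" ]; then
    # '|| true' keeps 'set -e' from aborting when the entry is missing, so
    # the fallback branch below is reached instead.
    # NOTE(review): a failed decryption is treated like a missing entry here.
    existingVault=$(pass "ansible-vault/${env}" || true)
  else
    # With an empty env the path is the 'ansible-vault/' folder itself. pass
    # lists a folder's contents instead of decrypting an entry, and that
    # listing must never be handed over as a passphrase.
    printf '%s\n' "'env' is empty; skipping the password store lookup." >&2
  fi

  if [ -n "${existingVault}" ]; then
    printf '%s\n' "Using passphrase found at 'ansible-vault/${env}' in your password store." >&2
    # printf, not echo: a passphrase such as '-n' or '-e' would be parsed as
    # an echo option and silently dropped or altered.
    printf '%s\n' "${existingVault}"
  else
    printf '%s\n' "No passphrase found at 'ansible-vault/${env}' in your password store." >&2
    printf '%s\n' "Defaulting to a fixed placeholder vault pass. Don't trust it if you are using vaulted variables!" >&2
    printf '%s\n' "${fallback_pass}"
  fi
fi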