From 498bd857db0ba222a30ea9b4bf500f2dff1b1614 Mon Sep 17 00:00:00 2001 From: Charles McGarvey Date: Wed, 14 Feb 2018 09:28:48 -0700 Subject: [PATCH] Release App-GroupSecret 0.303 * Improve error messages. * Allow finding pubkeys that are symlinks. --- Changes | 5 +++++ README.md | 16 ++++++++-------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/Changes b/Changes index b766fd5..51e92a5 100644 --- a/Changes +++ b/Changes @@ -2,6 +2,11 @@ Revision history for groupsecret. {{$NEXT}} +0.303 2018-02-14 09:28:23-07:00 MST7MDT + + * Improve error messages. + * Allow finding pubkeys that are symlinks. + 0.302 2017-12-02 11:28:57-07:00 MST7MDT * Documentation fixes. diff --git a/README.md b/README.md index ae8591b..42a7658 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ groupsecret - A simple tool for maintaining a shared group secret # VERSION -version 0.302 +version 0.303 # SYNOPSIS @@ -198,12 +198,12 @@ dependencies: ## GROUPSECRET\_KEYFILE If set, this program will use the value as a path to the keyfile. The ["--file=path"](#file-path) option takes -precedence if it is used. +precedence if used. ## GROUPSECRET\_PRIVATE\_KEY -If set, this program will use the value as a path to the keyfile. The ["--private-key=path"](#private-key-path) option -takes precedence if it is used. +If set, this program will use the value as a path to private key used for decryption. The +["--private-key=path"](#private-key-path) option takes precedence if used. ## GROUPSECRET\_PATH 
@@ -242,7 +242,7 @@ Then set the secret in the keyfile to a long random number: This will be the Ansible Vault password. You can see it if you want using the ["print-secret"](#print-secret) command, but you don't need to. -Finally, we'll take advantage of the fact that a Ansible Vault password file can be an executable +Then we'll take advantage of the fact that an Ansible Vault password file can be an executable program that prints the Vault password to `STDOUT`. Create a file named `vault-password` with the following script, and make it executable (`chmod +x vault-password`): @@ -261,14 +261,14 @@ significant part of this command is `--vault-id=vault-password` which refers to script we created earlier. You can use that argument with other ansible-vault commands to view or edit the encrypted files. -You can also pass that same argument to `ansible-playbook(1)` in order to use the Vault in +You can also pass that same argument to [ansible-playbook(1)](http://man.he.net/man1/ansible-playbook) in order to use the Vault in playbooks that refer to the encrypted variables: ansible-playbook -i myinventory --vault-id=vault-password site.yml What this does is execute `vault-password` which executes groupsecret to print the secret contained -in the `vault-password.yml` file (which is actually the Vault password) to . In order to do -this, groupsecret will decrypt the keyfile passphrase using any one of the private keys that have +in the `vault-password.yml` file (which is actually the Vault password) to `STDOUT`. In order to +do this, groupsecret will decrypt the keyfile passphrase using any one of the private keys that have associated public keys added to the keyfile. That's it! Pretty easy. -- 2.45.2
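Review bot: The Changes hunk records "Allow finding pubkeys that are symlinks", but nothing else in this patch documents that behaviour. The diffstat lists only Changes and README.md, and no README.md hunk mentions symlinks. Resolving symlinks affects which files can be picked up as public keys, so add a sentence to the README section that describes how public keys are located. It should state that symlinked key files are followed.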
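Review bot: In the README.md hunk at -198,12, the corrected GROUPSECRET\_PRIVATE\_KEY text is missing an article: "use the value as a path to private key used for decryption" should read "use the value as a path to the private key used for decryption". The correction itself is right, since the old text repeated the keyfile wording from GROUPSECRET\_KEYFILE.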
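Review bot: In the README.md hunk at -261,14, the new ansible-playbook(1) link points to a plain http:// URL on man.he.net. Prefer an https:// target, or keep the original `ansible-playbook(1)` code formatting without a link, so the README of a secrets-handling tool does not send readers over an unauthenticated connection. The rewritten line also runs well past the wrap width of the lines around it and should be re-wrapped.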