=head2 GROUPSECRET_KEYFILE
If set, this program will use the value as a path to the keyfile. The L</--file=path> option takes
-precedence if it is used.
+precedence if used.
=head2 GROUPSECRET_PRIVATE_KEY
-If set, this program will use the value as a path to the keyfile. The L</--private-key=path> option
-takes precedence if it is used.
+If set, this program will use the value as a path to private key used for decryption. The
+L</--private-key=path> option takes precedence if used.
=head2 GROUPSECRET_PATH
This will be the Ansible Vault password. You can see it if you want using the L</print-secret>
command, but you don't need to.
-Finally, we'll take advantage of the fact that a Ansible Vault password file can be an executable
+Then we'll take advantage of the fact that an Ansible Vault password file can be an executable
program that prints the Vault password to C<STDOUT>. Create a file named F<vault-password> with the
following script, and make it executable (C<chmod +x vault-password>):
script we created earlier. You can use that argument with other ansible-vault commands to view or
edit the encrypted files.
-You can also pass that same argument to
C<ansible-playbook(1)> in order to use the Vault in
+You can also pass that same argument to
L<ansible-playbook(1)> in order to use the Vault in
playbooks that refer to the encrypted variables:
ansible-playbook -i myinventory --vault-id=vault-password site.yml
What this does is execute F<vault-password> which executes groupsecret to print the secret contained
-in the F<vault-password.yml> file (which is actually the Vault password) to <STDOUT>. In order to do
-this, groupsecret will decrypt the keyfile passphrase using any one of the private keys that have
+in the F<vault-password.yml> file (which is actually the Vault password) to C<STDOUT>. In order to
+do this, groupsecret will decrypt the keyfile passphrase using any one of the private keys that have
associated public keys added to the keyfile.
That's it! Pretty easy.
projects / chaz / groupsecret / commitdiff
