From: Charles McGarvey Date: Sat, 2 Dec 2017 18:32:27 +0000 (-0700) Subject: add documentation fixes X-Git-Url: https://git.brokenzipper.com/gitweb?a=commitdiff_plain;h=2741a7ff32be159117069c3c7cea5c6423d465be;p=chaz%2Fgroupsecret add documentation fixes --- diff --git a/bin/groupsecret b/bin/groupsecret index 0701d69..04d0888 100755 --- a/bin/groupsecret +++ b/bin/groupsecret @@ -195,12 +195,12 @@ dependencies: =head2 GROUPSECRET_KEYFILE If set, this program will use the value as a path to the keyfile. The L option takes -precedence if it is used. +precedence if used. =head2 GROUPSECRET_PRIVATE_KEY -If set, this program will use the value as a path to the keyfile. The L option -takes precedence if it is used. +If set, this program will use the value as a path to private key used for decryption. The +L option takes precedence if used. =head2 GROUPSECRET_PATH @@ -239,7 +239,7 @@ Then set the secret in the keyfile to a long random number: This will be the Ansible Vault password. You can see it if you want using the L command, but you don't need to. -Finally, we'll take advantage of the fact that a Ansible Vault password file can be an executable +Then we'll take advantage of the fact that an Ansible Vault password file can be an executable program that prints the Vault password to C. Create a file named F with the following script, and make it executable (C): 
@@ -258,14 +258,14 @@ significant part of this command is C<--vault-id=vault-password> which refers to script we created earlier. You can use that argument with other ansible-vault commands to view or edit the encrypted files. -You can also pass that same argument to C in order to use the Vault in +You can also pass that same argument to L in order to use the Vault in playbooks that refer to the encrypted variables: ansible-playbook -i myinventory --vault-id=vault-password site.yml What this does is execute F which executes groupsecret to print the secret contained -in the F file (which is actually the Vault password) to . In order to do -this, groupsecret will decrypt the keyfile passphrase using any one of the private keys that have +in the F file (which is actually the Vault password) to C. In order to +do this, groupsecret will decrypt the keyfile passphrase using any one of the private keys that have associated public keys added to the keyfile. That's it! Pretty easy.
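Review bot: In the GROUPSECRET_PRIVATE_KEY paragraph of the first hunk (@@ -195,12 +195,12 @@), the new sentence "use the value as a path to private key used for decryption" drops an article. Suggest "as a path to the private key used for decryption", which also matches the wording of the GROUPSECRET_KEYFILE paragraph above it ("a path to the keyfile").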
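Review bot: In the second hunk (@@ -239,7 +239,7 @@), replacing "Finally" with "Then" leaves two consecutive steps opening with the same word, since the preceding step shown in the hunk header is "Then set the secret in the keyfile to a long random number:". Consider "Next, we'll take advantage of the fact that an Ansible Vault password file can be an executable program" so the sequence of steps stays easy to follow. The "a Ansible" to "an Ansible" fix on the same line is fine.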
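Review bot: In the last paragraph of the third hunk (@@ -258,14 +258,14 @@), the parenthetical "(which is actually the Vault password)" follows the file name, so it reads as if the file itself is the Vault password rather than the secret stored in it. Since these lines are being re-wrapped anyway, suggest moving the parenthetical to directly follow "the secret", for example "to print the secret (which is actually the Vault password) contained in" the keyfile.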