Add edit-secrets script to bridge.o.o

This adds a script that will wrap emacs with gpg-agent when editing the
secrets file. This avoids issues with rogue gpg-agents running on the
system.

Change-Id: Ic3cc73b5c25eab2ede41d8ca05b5695b817973d9
changes/40/639740/1
Clark Boylan 3 years ago
parent
commit
3ec0861e6b
  1. 1
      playbooks/bridge.yaml
  2. 3
      playbooks/roles/edit-secrets-script/README.rst
  3. 2
      playbooks/roles/edit-secrets-script/files/edit-secrets
  4. 5
      playbooks/roles/edit-secrets-script/tasks/main.yaml

1
playbooks/bridge.yaml

@ -23,6 +23,7 @@
- root-keys
- ansible-cron
- cloud-launcher-cron
- edit-secrets-script
tasks:
- name: Allow Zuul to trigger Ansible
authorized_key:

3
playbooks/roles/edit-secrets-script/README.rst

@ -0,0 +1,3 @@
This role installs a script called `edit-secrets` to /usr/local/bin
that allows you to safely edit the secrets file without needing to
manage gpg-agent yourself.
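
Review bot: The README (new lines 1-3) says the script lets you edit the secrets file "safely" without saying what that means; it never states that the script wraps emacs with gpg-agent, which file it opens, or that the 0750 install mode limits who can run it. Suggest one more sentence covering those points, and writing the script name as ``edit-secrets`` with double backticks, since single backticks in RST are interpreted text rather than an inline literal.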

2
playbooks/roles/edit-secrets-script/files/edit-secrets

@ -0,0 +1,2 @@
#!/bin/sh
gpg-agent --daemon emacs /root/passwords/passwords.gpg
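
Review bot: Line 2 of the script carries no comment explaining why emacs is launched through gpg-agent --daemon instead of directly, so the reason (avoiding rogue gpg-agents, per the commit message) is only recoverable from the commit history. Suggest a short comment above the command, and consider prefixing it with exec so that no idle sh process stays around for the length of the editing session.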

5
playbooks/roles/edit-secrets-script/tasks/main.yaml

@ -0,0 +1,5 @@
- name: Copy edit-secrets script
copy:
mode: 0750
src: edit-secrets
dest: /usr/local/bin/edit-secrets
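
Review bot: The copy task sets mode: 0750 but no owner or group, so who is allowed to execute /usr/local/bin/edit-secrets depends on whichever user the play happens to run as. Suggest adding owner: root and group: root explicitly, and quoting the mode as '0750' so it is always passed to the module as a string.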