Add edit-secrets script to bridge.o.o
This adds a script that will wrap emacs with gpg-agent when editing the secrets file. This avoids issues with rogue gpg-agents running on the system.

Change-Id: Ic3cc73b5c25eab2ede41d8ca05b5695b817973d9
parent 2f542dd518
commit 3ec0861e6b
@ -23,6 +23,7 @@
|
||||
- root-keys
|
||||
- ansible-cron
|
||||
- cloud-launcher-cron
|
||||
- edit-secrets-script
|
||||
tasks:
|
||||
- name: Allow Zuul to trigger Ansible
|
||||
authorized_key:
|
||||
|
3
playbooks/roles/edit-secrets-script/README.rst
Normal file
@ -0,0 +1,3 @@
|
||||
This role installs a script called `edit-secrets` to /usr/local/bin
|
||||
that allows you to safely edit the secrets file without needing to
|
||||
manage gpg-agent yourself.
|
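Review bot: in the first README line, `edit-secrets` is written with single backticks, which reStructuredText treats as interpreted text rather than an inline literal; use double backticks. The text also refers to "the secrets file" without naming it; giving the path the script opens (/root/passwords/passwords.gpg) and noting that it starts emacs would tell operators what to expect.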
2
playbooks/roles/edit-secrets-script/files/edit-secrets
Normal file
@ -0,0 +1,2 @@
|
||||
#!/bin/sh
|
||||
gpg-agent --daemon emacs /root/passwords/passwords.gpg
|
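Review bot: the single command line `gpg-agent --daemon emacs /root/passwords/passwords.gpg` has no comment explaining why emacs is started under its own agent, so the reason given in the commit message (avoiding rogue gpg-agents on the system) is lost to anyone reading /usr/local/bin/edit-secrets later; add a one-line comment above it. The editor and the file path are also hardcoded, and prefixing the command with `exec` would avoid keeping the wrapper shell around as an extra process while the editor is open.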
5
playbooks/roles/edit-secrets-script/tasks/main.yaml
Normal file
@ -0,0 +1,5 @@
|
||||
- name: Copy edit-secrets script
|
||||
copy:
|
||||
mode: 0750
|
||||
src: edit-secrets
|
||||
dest: /usr/local/bin/edit-secrets
|
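Review bot: the copy task sets `mode: 0750` but no `owner` or `group`, so who the group read and execute bits apply to is left to defaults rather than stated by the role; since the script opens a file under /root, set `owner: root` and `group: root` explicitly, or use 0700 if only root is meant to run it. Quoting the mode as a string ('0750') would also keep it from depending on YAML octal parsing.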