Add roles to add/remove a GPG key
Current usage of gpg keys involves a single role that adds, signs, and removes the key all in one. Some jobs may need the GPG key installed normally onto the remote host, then left in place, and later removed. This change facilitates that.

Change-Id: I2f13f0c4de91808ba1bbdcc0fd20a547e43d602b
parent
361b11f3e3
commit
5f75a2d004
|
@ -0,0 +1,12 @@
|
|||
Install a GPG private key onto a host.
|
||||
|
||||
**Role Variables**
|
||||
|
||||
.. zuul:rolevar:: gpg_key
|
||||
|
||||
Complex argument which contains the GPG private key. It is
|
||||
expected that this argument comes from a `Secret`.
|
||||
|
||||
.. zuul:rolevar:: private
|
||||
|
||||
The ascii-armored contents of the GPG private key.
|
|
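Review bot: the README does not say which keyring receives the key or how long it stays there. The role is meant to leave the key in place, so state that the key is imported into the default keyring of the user running the task and remains installed until the companion removal role is run. Jobs that use this role then know they must pair it with the removal step.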
@ -0,0 +1,18 @@
|
|||
- name: Create GPG private key tempfile
|
||||
tempfile:
|
||||
state: file
|
||||
register: gpg_private_key_tmp
|
||||
|
||||
- name: Stage GPG private key for importing
|
||||
copy:
|
||||
content: "{{ gpg_key.private }}"
|
||||
dest: "{{ gpg_private_key_tmp.path }}"
|
||||
mode: 0400
|
||||
|
||||
- name: Import GPG private key
|
||||
command: "gpg --allow-secret-key-import --import {{ gpg_private_key_tmp.path }}"
|
||||
|
||||
- name: Delete staged GPG private key
|
||||
file:
|
||||
path: "{{ gpg_private_key_tmp.path }}"
|
||||
state: absent
|
|
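Review bot: "Delete staged GPG private key" only runs when "Import GPG private key" succeeds, so a failed `gpg --import` ends the play with the private key still sitting in the tempfile on the remote host. Put the stage and import tasks in a `block:` and move the delete task under `always:` so the cleanup runs on failure too. Smaller points in the same file: add `no_log: true` to the task that writes `gpg_key.private`, and quote the mode as `"0400"` so it cannot be misread as a decimal integer.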
@ -0,0 +1 @@
|
|||
Remove an added GPG key from the host.
|
|
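Review bot: "Remove an added GPG key" understates what the role does. The task it documents runs `shred -u ~/.gnupg/*`, which destroys every file at the top level of the user's keyring directory, including keys and trust data that were there before the add role ran. Either say so here, so nobody runs this on a host with a keyring they care about, or narrow the task to the key that was added.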
@ -0,0 +1,2 @@
|
|||
- name: Remove GPG key
|
||||
command: "sh -c 'shred -u ~/.gnupg/*'"
|
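Review bot: the glob in `shred -u ~/.gnupg/*` does not do what the task name promises on current GnuPG. GnuPG 2.1 and later keep secret keys under the `private-keys-v1.d/` subdirectory. `shred` cannot open a directory, so the command reports an error for that entry and the imported private key stays on disk. The glob also wipes unrelated top-level files such as the public keyring and trust database. Consider deleting the specific key by fingerprint with `gpg --batch --yes --delete-secret-keys`, or removing the whole directory recursively if a full wipe is really intended, and stopping any running gpg-agent so the key is not left cached.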