https://stage.closedwontfix.it/posts/ Recent content in Posts on CLOSED-WONTFIX Hugo -- gohugo.io en-us torture_harps Fri, 24 Mar 2023 10:00:33 -0600 https://stage.closedwontfix.it/posts/welcome/ Fri, 24 Mar 2023 10:00:33 -0600 https://stage.closedwontfix.it/posts/welcome/ I Suppose You&rsquo;re All Wondering Why We Called You Here Hello, we are a group of friendly tech folk! We owe so much of our career to the kindness of strangers. Specifically, the kind strangers who write tech blogs. In the interest of paying off this karmic debt, we join together to publish our own tech blog. Valued Guest, please enjoy our various and sundry articles. We shall publish at least one new article per month. <h1 id="i-suppose-youre-all-wondering-why-we-called-you-here">I Suppose You&rsquo;re All Wondering Why We Called You Here</h1> <p>Hello, we are a group of friendly tech folk! We owe so much of our career to the kindness of strangers. Specifically, the kind strangers who write tech blogs.</p> <p>In the interest of paying off this karmic debt, we join together to publish our own tech blog. Valued Guest, please enjoy our various and sundry articles. We shall publish at least one new article per month.</p> <h2 id="you-might-call-that">You might call that:</h2> <p>The closedwontfix.it Promise!™</p> <h2 id="following-along">Following along</h2> <p>Our repos, including the one for the site itself, are hosted on <a href="https://codeberg.org/closedwontfix.it">codeberg.org</a>. Codeberg is a great SCM hosting option for FOSS enthuasists, more details about it <a href="https://docs.codeberg.org/getting-started/what-is-codeberg/#what-is-codeberg-e.v.%3F">here</a>.</p> https://stage.closedwontfix.it/posts/ansible-vault-yq/ Mon, 01 Jan 0001 00:00:00 +0000 https://stage.closedwontfix.it/posts/ansible-vault-yq/ Easily view Ansible-vault secrets with yq As you probably know, ansible-vault is a good way to keep your secrets&hellip;secret. There&rsquo;s at least two ways to handle vault secrets in your ansible roles: Put them in a separate file, such as &lsquo;secrets.yml&rsquo;. This makes it easy to encrypt/decrypt as needed, but hides the keys as well as the values. Encrypt the secrets in-line, which reveals the keys, but makes it a bit of a pain to decrypt the individual secrets. <h1 id="easily-view-ansible-vault-secrets-with-yq">Easily view Ansible-vault secrets with yq</h1> <p>As you probably know, ansible-vault is a good way to keep your secrets&hellip;secret.</p> <p>There&rsquo;s at least two ways to handle vault secrets in your ansible roles:</p> <ul> <li>Put them in a separate file, such as &lsquo;secrets.yml&rsquo;. This makes it easy to encrypt/decrypt as needed, but hides the keys as well as the values.</li> <li>Encrypt the secrets in-line, which reveals the keys, but makes it a bit of a pain to decrypt the individual secrets.</li> </ul> <p>For this site, we&rsquo;ve chosen the latter approach. So how best to decrypt individual secrets? Let&rsquo;s try <code>yq</code>!</p> <h2 id="ok-but-whats-yq">OK, but what&rsquo;s &ldquo;yq&rdquo;?</h2> <p>In <a href="https://mikefarah.gitbook.io/yq/">the words of its developer</a>, yq is &ldquo;a lightweight and portable command-line YAML processor.&rdquo; As you may have guessed by the name, it is inspired by <code>jq</code>.</p> <h2 id="por-ejemplo">Por Ejemplo</h2> <p>Given the defaults file as below:</p> <p><code>cat grafana/defaults/main.yml</code></p> <pre tabindex="0"><code>grafana_admin_pass: !vault | $ANSIBLE_VAULT;1.2;AES256;mir 34643432656563306237616661336566646362316632636561326532303662303635323336336461 3639663532313635373161316132656434393763373964390a343462326466336138663734393630 65633633353032613632313730656463383237616230393532656230316161623333633234666364 6435366464306161300a656261323733326432396638623264333633366339353362316532633836 64393737303039326530373431623433326161316564646631393439663639383734643934666536 6337646663393136383237306461376535316663373965666539 </code></pre><p>You can easily decrypt the secret using the following command: <code>cat grafana/defaults/main.yml | yq -r &quot;.grafana_admin_pass&quot; | ansible-vault decrypt</code></p> <p>Which returns:</p> <pre tabindex="0"><code>Decryption successful 6C0F6611-62D7-43E6-B0DD-1E174A3329E7 </code></pre><p>As Stan the Man might say&hellip;Excelsior!</p>