From d4c9b8c883d179b04b9573c8bf7bf6a1c1717771 Mon Sep 17 00:00:00 2001 From: Christian Berendt Date: Sun, 16 Jun 2024 20:05:09 +0200 Subject: [PATCH] Improve Signed-off-by: Christian Berendt --- .../configuration-repository.md | 24 ++++++++++++------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/docs/guides/configuration-guide/configuration-repository.md b/docs/guides/configuration-guide/configuration-repository.md index f069519845..13410a15a7 100644 --- a/docs/guides/configuration-guide/configuration-repository.md +++ b/docs/guides/configuration-guide/configuration-repository.md @@ -483,22 +483,30 @@ $ osism apply facts ERROR: The configuration repository is locked. ``` -## Working with encrypted secrets +## Working with encrypted files -To make it easier to work with secrets, the Configuration Repository has several make targets that can be used to display and change them. +To make it easier to work with encrypted files, the configuration repository has several make +targets that can be used to view encrypted files and to edit encrypted files. + +* Show secrets in all encrypted files. + + This opens a pager, e.g. less, and you can search with `/` for specific files, keys and passwords. -* Show all encrypted secrets - (This opens a "less" pager, you can search with `/` for files, keys and passwords ``` make ansible_vault_show ``` -* Change or add secrets secrets - (your $EDITOR is opened + +* Change or add secrets in an encrypted file with the editor set in ` $EDITOR`. + ``` make ansible_vault_edit FILE=environments/secrets.yml EDITOR=nano ``` -* Re-encrypt all data with a new secret + +* Re-encrypt all encrypted files with a new key. + + This creates a new `secrets/vaultpass` and creates backups of the old to + `secrets/vaultpass_backup_`. + ``` make ansible_vault_rekey ``` - This creates a new `secrets/vaultpass` and creates backups of the old to `secrets/vaultpass_backup_`.