Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable the user to put certificates into a vault #30

Open
dglauche opened this issue May 8, 2022 · 1 comment
Open

Enable the user to put certificates into a vault #30

dglauche opened this issue May 8, 2022 · 1 comment
Assignees
@splunkenizer
Labels
enhancement

Comments

@dglauche
Copy link

dglauche commented May 8, 2022

I think it would be great to have the certificates (with keys) stored within an ansible vault. As far as I can see thats currently not possible.
To keep the changes as small as possible I would propose to extract them on the manager host before everything starts runnings and remove them afterwards. Introducing a new config setting like {web,server}_cert_in_vault: true/false for the purpose would be a good choice.

What do others think about that approach?
I would be happy to write a PR for that!
@splunkenizer splunkenizer self-assigned this May 13, 2022
@splunkenizer
Copy link
Collaborator

This is on the todo list for some time already. I wanted to add a capability to put all secret stuff into a vault. Also passwords and secrets which are used within the playbooks.
From a security perspective I think pulling them directly from the vault and sending them over without storing would be the best solution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@splunkenizer splunkenizer

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@splunkenizer @dglauche