-
Notifications
You must be signed in to change notification settings - Fork 24
Add a script source to fetch data / secrets #177
Comments
Not so sure about the caching aspect, only way I have to implement it is as a data store and those are specifically working on a way that what you ask is what you get and it asks each time. So I could write a |
I thought about this one and how I think it will work is this, what do you think @duritong? Valid keys are ^[a-zA-Z0-9_-]+$, no caching. Configurationdata_stores:
shell:
command: store.sh
timeout: 60
cwd: /path/to/store
environment:
anything: anyvalue here timeout, cwd and environment is optional - timeout is a way to kill the command if it never responds. Reading a keyWhen reading store.sh gets run with Writing a keyWhen reading store.sh gets run with The value goes in environment only so you can store stuff that would be hard to quote or cause issues on the shell Deleting a keyWhen deleting store.sh gets run with |
This souns like a good plan, especially handing over potentially secret data over ENV is better, than over the CLI, as it will not show up in the process list. Minor: For writing a key, I assume you meant: |
yup, |
(#177) add a shell script based data store
Out of #170 :
There should be a way that one can fetch data from a script execution. This would allow to integrate any kind of source very easily.
It should be possible to pass other data as argument, so you could do something like the following as
script fetch_password {{{node.fqdn}}}
which would allow you to fetch a password from somewhere through that script.Data should be cached for the time of a playbook execution for the same signature.
The text was updated successfully, but these errors were encountered: