Update internal-dev.yaml

Updated the script to be more secure. Earlier configuration was insecure
forela-finance · Mar 21, 2023 · ab04702 · ab04702 · NawafAlsehli · Nov 25, 2023
1 parent ffee1d9
commit ab04702
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/internal-dev.yaml b/internal-dev.yaml
@@ -4,29 +4,38 @@
   become: yes
 
   tasks:
+   - name: Download SSH key from URL
+      get_url:
+        url: "http://dev.forela.co.uk/internal/secrets/cyberjunkie-internal.pem"
+        dest: "/tmp/cyberjunkie.pem"
+        mode: "0600"
+
     - name: Log in to remote server via SSH
       become_user: root
       become_method: sudo
       vars:
         ssh_user: cyberjunkie
-        ssh_password: YHUIhnollouhdnoamjndlyvbl398782bapd
+        ssh_key_file: /path/to/local/ssh/key
       shell: sshpass -p {{ ssh_password }} ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null {{ ssh_user }}@{{ inventory_hostname }} 'echo "Logged in via SSH"'
 
     - name: Perform some actions on the remote server
       become_user: root
       become_method: sudo
       vars:
         ssh_user: cyberjunkie
-        ssh_password: YHUIhnollouhdnoamjndlyvbl398782bapd
+        ssh_key_file: /path/to/local/ssh/key
       shell: sshpass -p {{ ssh_password }} ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null {{ ssh_user }}@{{ inventory_hostname }} 'id;whoami;ping 1.1.1.1'
     - name: Clean up /tmp directory every 5 hours
       become_user: root
       become_method: sudo
       vars:
         ssh_user: cyberjunkie
-        ssh_password: YHUIhnollouhdnoamjndlyvbl398782bapd
+        ssh_key_file: /path/to/local/ssh/key
       cron:
         name: "Cleanup /tmp directory every 5 hours"
         minute: "0"
         hour: "*/5"
         job: "rm -rf /tmp/*"
+
+
+