We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
generate keystore file with below command:
keytool -keystore keystore -import -alias cert -file cert.crt -trustcacerts
But after write it to vault and read it again, I found the file is changed.
# original $ md5sum keystore 2a8231bf6b87d4f49615625d420e5894 keystore # export from vault read $ md5sum keystore 9151fd3262a8773f8cfc2d1790d37e52 keystore
I got error in java:
java.io.IOException: Invalid keystore format
Read the comments in hashicorp/vault#1286, I encode the keystore content with below command to avoid this issue, it works.
$ base64 keystore | vault write secret/keystore value=- $ vault read -field=value secret/keystore | base64 -d > keystore.out $ md5sum keystore* 2a8231bf6b87d4f49615625d420e5894 keystore 2a8231bf6b87d4f49615625d420e5894 keystore.out
But when read the content with ansible-vault.
ansible-vault
$ cat default/main.yml: keystore: "{{ lookup('vault','secret/keystore', 'vault') | b64decode }}" $ cat tasks/main.yml - name: copy keystore files copy: content="{{ keystore }}" dest="/etc/ssl/keystore"
It is changed:
$ md5sum keystore de81adbb412edba3a630ba6f1bcb5d34 keystore
The text was updated successfully, but these errors were encountered:
Ok, confirm the problem is not in ansible-vault, try to not pipe lookup result to jinja2 filter, still same issue.
something else, maybe in jinja2 filter b64decode
b64decode
keystore_base64: "{{ lookup('vault','secret/keystore', 'vault') }}" keystore: "{{ keystore_base64 | b64decode }}"
But this works:
keystore_base64: "{{ lookup('vault','secret/keystore', 'vault') }}" - name: copy keystore files copy: content="{{ keystore_base64 }}" dest="/etc/ssl/keystore.base64" - name: decode shell: "base64 -d /etc/ssl/keystore.base64 > /etc/ssl/keystore"
Sorry, something went wrong.
something with exist known issue:
ansible/ansible#13794
No branches or pull requests
generate keystore file with below command:
But after write it to vault and read it again, I found the file is changed.
I got error in java:
Read the comments in hashicorp/vault#1286, I encode the keystore content with below command to avoid this issue, it works.
But when read the content with
ansible-vault
.It is changed:
The text was updated successfully, but these errors were encountered: