Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
51 lines (39 sloc) 1.96 KB

Templating

In order to increase the security there is a simple templating mechanism that allows to inject variables into parameters you define that are passed to the checks.

Example:

{
    "type": "ssh-command",
    "input": {
        "user": "thesecurityman",
        "host": "iwa-ait.org",
        "port": 6200,
        "password": "${ENV.IWA_SECURITY_MAN_PASSWD}",
        "command": "/usr/bin/some-security-check --is-secure",
        "expected_exit_code": 0,
        "timeout": 30
    }
}

Reference table

Pattern Example Description
${ENV.*} ${ENV.USER} Injects an environment variable from the host
${checkName} http Name of the currently executed check
${date} 2019-10-31T07:53:45.380307 Current date and time

Example strategy of deploying passwords with Docker Compose and Ansible

  1. Encrypt your passwords with ansible-vault
  2. Decrypt them during deployment into .env on target machine for docker-compose
  3. In docker-compose service definition pass variable explicitly from the .env file
environment:
    # variables in checks
    - IWA_SECURITY_MAN_PASSWD=${IWA_SECURITY_MAN_PASSWD}
You can’t perform that action at this time.