Update README, example
parent
d28de9a8f0
commit
73026a1ebd
2
LICENSE
2
LICENSE
|
@ -1,6 +1,6 @@
|
|||
MIT License
|
||||
|
||||
Copyright (c) 2020 netzbegruenung
|
||||
Copyright (c) 2022 netzbegruenung
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
|
|
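Review bot: The copyright line in LICENSE replaces 2020 with 2022 instead of extending it, which drops the year of first publication. Consider `Copyright (c) 2020-2022 netzbegruenung` so the original date stays on record.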
15
README.md
15
README.md
|
@ -2,28 +2,29 @@
|
|||
This Python module retrieves passwords for Passbolt groups to make them available in Saltstack Pillar.
|
||||
|
||||
# License
|
||||
MIT
|
||||
[MIT](LICENSE)
|
||||
|
||||
# Setup
|
||||
|
||||
1. Clone this repo
|
||||
|
||||
2. Go to directory, run (requires `python3-setuptools`)
|
||||
```
|
||||
```shell
|
||||
python3 setup.py install
|
||||
```
|
||||
This will install this module and its dependencies.
|
||||
|
||||
3. Create an Passbolt account for the Salt master.
|
||||
|
||||
4. Copy the private and public PGP key files to `/etc/salt`.
|
||||
|
||||
5. Import the private key with
|
||||
```
|
||||
```shell
|
||||
gpg --import /etc/salt/passbolt_private.asc
|
||||
```
|
||||
|
||||
6. Create a `/etc/salt/passbolt.ini` file with the following content:
|
||||
```
|
||||
```ini
|
||||
[PASSBOLT]
|
||||
SERVER = https://passbolt.example.com
|
||||
#SERVER_PUBLIC_KEY_FILE = <optional: server_public.asc>
|
||||
|
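Review bot: Step 5 (`gpg --import /etc/salt/passbolt_private.asc`) does not say which user should run the import. Step 7 hands the files to the `salt` user, so the key presumably has to land in that user's keyring; GnuPG keyrings are per user, and a key imported under another account would not be visible there. Suggest naming the user explicitly in step 5. Separately, step 3 reads "Create an Passbolt account"; since the README is being touched anyway, change it to "a Passbolt account".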
@ -34,13 +35,13 @@ MIT
|
|||
```
|
||||
|
||||
7. Change file permissions:
|
||||
```
|
||||
```shell
|
||||
chown salt /etc/salt/passbolt*
|
||||
chmod 600 /etc/salt/passbolt*
|
||||
```
|
||||
|
||||
8. Create Pillar sls files for the different Salt minions. Use the example below as content for the sls files and replace the group UUID. Hint: you can find the group UUID in the URL of the Passbolt admin interface when editing a group.
|
||||
```
|
||||
```python
|
||||
#!py
|
||||
def run():
|
||||
from salt_passbolt import fetch_passbolt_passwords
|
||||
|
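Review bot: Step 7 tightens ownership and mode only after the private key has been copied in step 4 and `passbolt.ini` written in step 6, so both sit in `/etc/salt` with whatever permissions they were created with in the meantime. Suggest moving the `chown`/`chmod` up, or telling the reader to create the files with mode 600 from the start. The `passbolt*` glob also applies to anything else in `/etc/salt` whose name begins with `passbolt`; listing the files explicitly would be clearer.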
@ -55,7 +56,7 @@ MIT
|
|||
# YAML Replacement Structure
|
||||
|
||||
If the Passbolt server is not available, for example during local development, a file with the following format can replace the Python code mentioned in step 8:
|
||||
```
|
||||
```yaml
|
||||
passbolt:
|
||||
3ec2a739-8e51-4c67-89fb-4bbfe9147e17: MY_SECRET
|
||||
```
|
||||
|
|
|
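Review bot: The YAML replacement example stores the secret in plain text (`MY_SECRET`) in a pillar file, and the surrounding text does not say that this file is meant for development values only. Suggest one sentence telling the reader to keep real passwords out of it and out of version control.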
@ -1,3 +0,0 @@
|
|||
#!py
|
||||
fetch_passbolt_passwords("27b9abd4-af9b-4c9e-9af1-cf8cb963680c")
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
#!py
|
||||
def run():
|
||||
from salt_passbolt import fetch_passbolt_passwords
|
||||
return fetch_passbolt_passwords("27b9abd4-af9b-4c9e-9af1-cf8cb963680c")
|
|
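Review bot: The new example hard-codes the group UUID in the `fetch_passbolt_passwords(...)` call without marking it as a placeholder. README step 8 asks the reader to replace it; a one-line comment above the `return` saying so would keep the example file usable on its own.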
@ -1,4 +1,3 @@
|
|||
base:
|
||||
'myappserver*':
|
||||
- passbolt.myapp
|
||||
|
||||
'myappserver.example.com':
|
||||
- passbolt.pwgroup
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
base:
|
||||
'*':
|
||||
- important_secrets
|
||||
|
||||
|
|
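Review bot: The `'*'` target assigns `important_secrets` to every minion. For an example that ships with a secrets module, a narrower target such as the single-host match in the other example top file of this commit (`'myappserver.example.com'`) would model least privilege better.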