NB-Public/passbolt-salt
13
1
Fork 0
mirror of https://github.com/netzbegruenung/passbolt-salt synced 2024-05-05 13:53:40 +02:00
Code Issues Releases Wiki Activity

Update README, example

Browse source
This commit is contained in:
Sven Seeberg 2022-04-16 19:02:58 +02:00
parent d28de9a8f0
commit 73026a1ebd
Signed by: sven.seeberg
GPG key ID: 29559DD5A83806B5
6 changed files with 15 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
LICENSE
View file

@ -1,6 +1,6 @@
MIT License MIT License
Copyright (c) 2020 netzbegruenung Copyright (c) 2022 netzbegruenung
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal

15
README.md
View file

@ -2,28 +2,29 @@
This Python module retrieves passwords for Passbolt groups to make them available in Saltstack Pillar. This Python module retrieves passwords for Passbolt groups to make them available in Saltstack Pillar.
# License # License
MIT [MIT](LICENSE)
# Setup # Setup
1. Clone this repo 1. Clone this repo
2. Go to directory, run (requires `python3-setuptools`) 2. Go to directory, run (requires `python3-setuptools`)
``` ```shell
python3 setup.py install python3 setup.py install
``` ```
This will install this module and its dependencies.
3. Create an Passbolt account for the Salt master. 3. Create an Passbolt account for the Salt master.
4. Copy the private and public PGP key files to `/etc/salt`. 4. Copy the private and public PGP key files to `/etc/salt`.
5. Import the private key with 5. Import the private key with
``` ```shell
gpg --import /etc/salt/passbolt_private.asc gpg --import /etc/salt/passbolt_private.asc
``` ```
6. Create a `/etc/salt/passbolt.ini` file with the following content: 6. Create a `/etc/salt/passbolt.ini` file with the following content:
``` ```ini
[PASSBOLT] [PASSBOLT]
SERVER = https://passbolt.example.com SERVER = https://passbolt.example.com
#SERVER_PUBLIC_KEY_FILE = <optional: server_public.asc> #SERVER_PUBLIC_KEY_FILE = <optional: server_public.asc>
@ -34,13 +35,13 @@ MIT
``` ```
7. Change file permissions: 7. Change file permissions:
``` ```shell
chown salt /etc/salt/passbolt* chown salt /etc/salt/passbolt*
chmod 600 /etc/salt/passbolt* chmod 600 /etc/salt/passbolt*
``` ```
8. Create Pillar sls files for the different Salt minions. Use the example below as content for the sls files and replace the group UUID. Hint: you can find the group UUID in the URL of the Passbolt admin interface when editing a group. 8. Create Pillar sls files for the different Salt minions. Use the example below as content for the sls files and replace the group UUID. Hint: you can find the group UUID in the URL of the Passbolt admin interface when editing a group.
``` ```python
#!py #!py
def run(): def run():
from salt_passbolt import fetch_passbolt_passwords from salt_passbolt import fetch_passbolt_passwords
@ -55,7 +56,7 @@ MIT
# YAML Replacement Structure # YAML Replacement Structure
If the Passbolt server is not available, for example during local development, a file with the following format can replace the Python code mentioned in step 8: If the Passbolt server is not available, for example during local development, a file with the following format can replace the Python code mentioned in step 8:
``` ```yaml
passbolt: passbolt:
3ec2a739-8e51-4c67-89fb-4bbfe9147e17: MY_SECRET 3ec2a739-8e51-4c67-89fb-4bbfe9147e17: MY_SECRET
``` ```

3
example/pillars/passbolt/myapp.sls
View file

@ -1,3 +0,0 @@
#!py
fetch_passbolt_passwords("27b9abd4-af9b-4c9e-9af1-cf8cb963680c")

4
example/pillars/passbolt/pwgroup.sls Normal file
View file

@ -0,0 +1,4 @@
#!py
def run():
from salt_passbolt import fetch_passbolt_passwords
return fetch_passbolt_passwords("27b9abd4-af9b-4c9e-9af1-cf8cb963680c")

5
example/pillars/top.sls
View file

@ -1,4 +1,3 @@
base: base:
'myappserver*': 'myappserver.example.com':
- passbolt.myapp - passbolt.pwgroup

1
example/states/top.sls
View file

@ -1,4 +1,3 @@
base: base:
'*': '*':
- important_secrets - important_secrets