Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openssl_pkcs12: add privatekey_content option #452

Merged
merged 1 commit into from
May 9, 2022
Merged

openssl_pkcs12: add privatekey_content option #452

merged 1 commit into from
May 9, 2022

Conversation

felixfontein
Copy link
Contributor

SUMMARY

This allows to store the private key in another form, like in Ansible vault, or encrypted with sops.

Right now it has to be present as a file, which in my setup requires me to write it to a temporary file (unprotected), use it in this module, and then wipe the temporary file in a always: part of a block:. That's a lot of extra code and also dangerous.

(Not that PKCS12 passphrases offer that much more protection...)

ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME

openssl_pkcs12

@felixfontein felixfontein force-pushed the pkcs12-key-input branch 3 times, most recently from 6b9c083 to ca01812 Compare May 9, 2022 10:55
briantist
briantist approved these changes May 9, 2022
View reviewed changes
Copy link
Contributor

@briantist briantist left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes! Love to see changes like this. HashiCorp Vault could be another source for the key, just sayin' 😉

@felixfontein felixfontein merged commit 90efcc1 into ansible-collections:main May 9, 2022
@felixfontein felixfontein deleted the pkcs12-key-input branch May 9, 2022 17:56
@felixfontein
Copy link
Contributor Author

@s-hertel @briantist thanks a lot for reviewing this!

HashiCorp vault is another use-case for this, as is sops. The latter triggered me to do this, since I use sops for my private infrastructure and had to resort to this hack ;-)

This was referenced May 9, 2022
Merged
Merged
@renovate renovate bot mentioned this pull request Sep 29, 2022
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@briantist briantist briantist approved these changes

@s-hertel s-hertel s-hertel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@felixfontein @briantist @s-hertel