pressly / sup

Super simple deployment tool - think of it like 'make' for a network of servers
https://pressly.github.io/sup
MIT License

[feature request] support encrypted password in Supfile #146

Closed kadefor closed 6 years ago

kadefor commented 6 years ago

If we parse the Supfile as a Golang text/template, we can add a "decrypt" function to the Go template FuncMap, and the sup command can add an --encrypt flag to encrypt the password string.

First:

MacBook:sup kadefor$ /tmp/sup --encrypt
Vault Password:
Retype:
Please enter password string to encrypt:
GmxLs62ZsHD4XK1PL2gHBsAGw4srcADOSHjS5cCNuxzEcJW-zA==

Then, we can use the "decrypt" function like this:

Supfile

networks:
  dev:
    hosts:
        - ssh://root@{{ decrypt "GmxLs62ZsHD4XK1PL2gHBsAGw4srcADOSHjS5cCNuxzEcJW-zA==" }}@192.168.1.1

or:

networks:
  dev:
    hosts:
        - root@192.168.1.1
        - tom@192.168.1.2
    password: {{ decrypt "GmxLs62ZsHD4XK1PL2gHBsAGw4srcADOSHjS5cCNuxzEcJW-zA==" }}

or:

networks:
  dev:
    user: root
    hosts:
        - tom:{{ decrypt "GmxLs62ZsHD4XK1PL2gHBsAGw4srcADOSHjS5cCNuxzEcJW-zA==" }}@alias_in_ssh_config

        - name: other_alias_in_ssh_config
          hostname: 192.168.1.1
          user: root
          port: 22
          identity_file: ~/.ssh/id_rsa.dev01
          env:
              ABC: 123
              XYZ: 456

        - name: 192.168.1.2
          port: 22
          password: {{ decrypt "GmxLs62ZsHD4XK1PL2gHBsAGw4srcADOSHjS5cCNuxzEcJW-zA==" }}

Then run:

MacBook:sup kadefor$ /tmp/sup --ask-vault-pass ...

I have basically implemented the feature, but it depends on "per host config" and "go template".

My PR #145 was closed, so I hope the community could add the feature.
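
The proposal in the comment above, as an added Go example (it is not sup's code and not the code from PR #145): a Supfile rendered through text/template with a `decrypt` function in the FuncMap. The token format (base64url of nonce plus AES-256-GCM output), the function names and the raw 32-byte key standing in for the prompted vault password are assumptions; a typed password would first go through a password KDF such as scrypt.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"text/template"
)

// Encrypt returns base64url(nonce || ciphertext+tag), a format constructed for this example.
func Encrypt(gcm cipher.AEAD, secret string) (string, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.URLEncoding.EncodeToString(gcm.Seal(nonce, nonce, []byte(secret), nil)), nil
}

// Render executes the Supfile as a text/template with "decrypt" in its FuncMap.
func Render(supfile string, gcm cipher.AEAD) (string, error) {
	decrypt := func(token string) (string, error) {
		raw, err := base64.URLEncoding.DecodeString(token)
		if err != nil || len(raw) < gcm.NonceSize()+gcm.Overhead() {
			return "", errors.New("decrypt: malformed token")
		}
		pt, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
		return string(pt), err // Open fails on a wrong key or a tampered token
	}
	// missingkey=error: a stray "{{.X}}" in a command errors instead of rendering "<no value>".
	t, err := template.New("Supfile").Option("missingkey=error").Funcs(template.FuncMap{"decrypt": decrypt}).Parse(supfile)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	if err := t.Execute(&out, nil); err != nil {
		return "", err // never hand back a half-rendered Supfile
	}
	return out.String(), nil
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key, never use in practice
	gcm, _ := cipher.NewGCM(block)
	tok, _ := Encrypt(gcm, "s3cret")
	fmt.Println(Render("password: {{ decrypt \""+tok+"\" }}", gcm))
}
```

The rendered Supfile contains the password in plaintext, so it should stay in memory and out of logs and debug output.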

VojtechVitek commented 6 years ago

You could use host inventory:

networks:
  dev:
    inventory: ./hosts-with-decrypted-passwords.sh

kadefor commented 6 years ago

@VojtechVitek thank you for your reply. While it's not a feature and it is useless, I will close the issue. :)