Access the encrypted storage keys in NodeExecutor plugin

[jcdsilva]

Issue type: Seek Information

I have encrypted the storage keys using jasypt

rundeck.storage.converter.1.type=jasypt-encryption rundeck.storage.converter.1.path=keys rundeck.storage.converter.1.config.encryptorType=custom rundeck.storage.converter.1.config.passwordSysPropName=encwithaessha256128 rundeck.storage.converter.1.config.algorithm=PBEWITHSHA256AND128BITAES-CBC-BC rundeck.storage.converter.1.config.provider=BC

I have a customized python script which is used as NodeExecutor (SSH plugin).

Questions

1) How can I access these keys in SSH plugin?

Is it like below:

Node level: ssh-key-storage-path attribute on the Node. Applies only to the target node. Project level: project.ssh-key-storage-path property in project.properties. Applies to any project node by default. Rundeck level: framework.ssh-key-storage-path property in framework.properties. Applies to all projects by default.

2) How can I decrypt these keys and use in SSH plugin

My Rundeck detail

Rundeck version: 2.8.1_1 install type: (rpm,deb,war,launcher?) rpm OS Name/version: Linux DB Type/version: mysql? postgres? h2?..

[jcdsilva]

Found that we cannot use the storage keys directly in NodeExecutor script plugin. Have to update the plugin.yaml and read as RD_ variables in script

**_config:

• name: ssh_key_storage_path title: Node SSH Key type: String required: false description: "Optional storage path for Node ssh-key file. Declare a node attribute named ssh-key-storage-path." scope: Instance renderingOptions: selectionAccessor: "STORAGE_PATH" valueConversion: "STORAGE_PATH_AUTOMATICREAD" storage-path-root: "keys" instance-scope-node-attribute: "ssh-key-storage-path" storage-file-meta-filter: "Rundeck-key-type=private"**

During the execution key will be available as RD_CONFIG_SSH_KEY_STORAGE_PATH (decrypted one)

Please correct if I'm wrong

Also If i have to use "instance-scope-node-attribute: ssh-key-storage-path", node entry in resources file should have the key "ssh-key-storage-path" correct?

Suppose I have defined "ssh-key-storage-path" for project (not for nodes) in project.properties, how I can define that in plugin.yaml

[jcdsilva]

@ahonor @gschueler

Need your help here.

[fdevans]

@jcdsilva I'm not sure why this ended up in our Docs repository. Looks like that's not where it started. Is this still an open question for you on a more recent Rundeck version?

[fdevans]

We apologize if this issue was missed. If you are still experiencing this issue on the current version of Rundeck please let us know by opening a new Issue request with version and steps to reproduce on the rundeck/rundeck repository. If you are an Enterprise customer our support personnel are ready to help. Thank you, The Rundeck Team