certbot_dns: move secrets to password store
This commit is contained in:
parent
27dac09549
commit
d94e79f8b7
|
@ -27,11 +27,11 @@
|
|||
expect:
|
||||
command: ktutil
|
||||
responses:
|
||||
".*:":
|
||||
- "add_entry -password -p {{ ldap_user }} -k 1 -e aes256-cts-hmac-sha1-96"
|
||||
- "{{ ldap_pass }}"
|
||||
- "write_kt /etc/krb5.keytab"
|
||||
- "exit"
|
||||
'.*:':
|
||||
- 'add_entry -password -p {{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_user") }} -k 1 -e aes256-cts-hmac-sha1-96'
|
||||
- '{{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_pass") }}'
|
||||
- 'write_kt /etc/krb5.keytab'
|
||||
- 'exit'
|
||||
args:
|
||||
creates: /etc/krb5.keytab
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/sh
|
||||
|
||||
dns={{ dns[0] }}
|
||||
ldap_user={{ ldap_user }}
|
||||
ldap_user={{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_user") }}
|
||||
ttl=10
|
||||
|
||||
kinit -k -t /etc/krb5.keytab "${ldap_user}"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/sh
|
||||
|
||||
dns={{ dns[0] }}
|
||||
ldap_user={{ ldap_user }}
|
||||
ldap_user={{ lookup("passwordstore", "hosts/"~inventory_hostname, subkey="ldap_user") }}
|
||||
|
||||
kinit -k -t /etc/krb5.keytab "${ldap_user}"
|
||||
nsupdate -g <<EOF
|
||||
|
|
Loading…
Reference in a new issue