Jan Lindemann
18de6f2cf2
jw-pkg.py secrets [sub-command] [packages] is a set of utility commands designed to manage configuration files containing secrets.
To keep secrets from leaking via version control or packages, a _template_ should be packaged for every sensitive configuration file. Then, during post-install, configuration files can be generated from packaged templates via
jw-pkg.py secrets compile-templates <package> <package> ...
During post-uninstall
jw-pkg.py secrets rm-compilation-output <package> <package> ...
removes them.
Not specifying any packages will compile or remove all templates on the system.
To identify which files to consider and generate or remove, the compilation scans <package> for files ending in .jw-tmpl. For each match, e.g.
/path/to/some.conf.jw-tmpl
it will read key-value pairs from
/path/to/some.conf.jw-secret
and generate
/path/to/some.conf
from it, replacing all keys by their respective values. The file attributes of the generated file can be determined by the first line: of some.conf.jw-tmpl or some.conf.jw-secret:
# conf: owner=mysql; group=mysql; mode=0640
There are other commands for managing all secrets on the system at once, see jw-pkg.py secrets --help:
compile-templates Compile package template files list-compilation-output List package compilation output files list-secrets List package secret files list-templates List package template files rm-compilation-output Remove package compilation output filesSigned-off-by: Jan Lindemann <jan@janware.com>
4 lines
138 B
Python
from .CmdProjects import CmdProjects
|
|
from .CmdDistro import CmdDistro
|
|
from .CmdSecrets import CmdSecrets
|
|
from .CmdDistro import CmdDistro
|