Ask Your Question
0

How can I use eyaml to encrypt yaml block?

asked 2017-08-28 16:58:38 -0500

Red Cricket gravatar image

updated 2017-08-28 16:58:56 -0500

Let say I am storing some block hiera data like a certificate like this in my hieradata:

my_cert: |
 -----BEGIN CERTIFICATE-----
 BlahBlahBlah
 -----END CERTIFICATE-----

and I want to use eyaml so I can store the encrypted version of the cert. I am not sure what my command line would be:

I tried:

# eyaml encrypt -s <<EOT
>-----BEGIN CERTIFICATE-----
>BlahBlahBlah
>-----END CERTIFICATE-----
EOT

But that does work so well:

Error: option '-s' needs a parameter.
edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
1

answered 2017-08-28 18:29:27 -0500

-s is short for --string. It expects, quote, “a string provided as an argument” [emphasis added]. So << EOT is consumed by the shell. The shell redirects the heredoc as stdin to the process. Consequently, it's plausible that eyaml(1) complains.

You probably wanted to do something like:

eyaml encrypt --stdin << EOT

Anyways, why do you care about encrypting a certificate? Isn't it a public certificate you're trying to encrypt?

edit flag offensive delete link more

Comments

Our infosec folks are paranoid.

Red Cricket gravatar imageRed Cricket ( 2017-08-28 22:06:52 -0500 )edit

You also have the same problem if you wish to populate the private certificates, or private SSH keys for users, and the same approach would apply

DarylW gravatar imageDarylW ( 2017-08-29 07:30:17 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-08-28 16:58:38 -0500

Seen: 28 times

Last updated: Aug 28