From 68b45c28124b955b80cce7a43747cbf21d86daa1 Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Tue, 10 Nov 2020 10:47:16 +0100
Subject: [PATCH] Fix example in docs, and make sure to wipe result variable (#140)
* Fix example in docs, and make sure to wipe result variable.
* Update plugins/modules/openssl_privatekey_pipe.py
Co-authored-by: Andrew Klychkov
Co-authored-by: Andrew Klychkov
---
plugins/modules/openssl_privatekey_pipe.py | 28 +++++++++++++---------
1 file changed, 17 insertions(+), 11 deletions(-)
diff --git a/plugins/modules/openssl_privatekey_pipe.py b/plugins/modules/openssl_privatekey_pipe.py
index 87a89b7a..2e1279ad 100644
--- a/plugins/modules/openssl_privatekey_pipe.py
+++ b/plugins/modules/openssl_privatekey_pipe.py
@@ -59,17 +59,23 @@ EXAMPLES = r''' msg: "{{ output.privatekey }}" # DO NOT OUTPUT KEY MATERIAL TO CONSOLE OR LOGS IN PRODUCTION! -- name: Update sops-encrypted key with the community.sops collection - community.crypto.openssl_privatekey_pipe: - content: "{{ lookup('community.sops.sops', 'private_key.pem.sops') }}" - size: 2048 - register: output - no_log: true # make sure that private key data is not accidentally revealed in logs! -- name: Update encrypted key when openssl_privatekey_pipe reported a change - community.sops.encrypt_sops: - path: private_key.pem.sops - content_text: output.privatekey - when: output is changed +- block: + - name: Update sops-encrypted key with the community.sops collection + community.crypto.openssl_privatekey_pipe: + content: "{{ lookup('community.sops.sops', 'private_key.pem.sops') }}" + size: 2048 + register: output + no_log: true # make sure that private key data is not accidentally revealed in logs! + + - name: Update encrypted key when openssl_privatekey_pipe reported a change + community.sops.encrypt_sops: + path: private_key.pem.sops + content_text: "{{ output.privatekey }}" + when: output is changed + always: + - name: Make sure that output (which contains the private key) is overwritten + set_fact: + output: '' ''' RETURN = r'''
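Review bot: The second task in the new block, the one that passes `content_text: "{{ output.privatekey }}"`, has no `no_log: true`, while the first task carries it; if that task fails or the play runs with raised verbosity, its arguments can be reported unless the module itself marks the option as no_log, which is not visible from this hunk. I would add `no_log: true  # content_text carries the private key` to that task so the example does not depend on the other collection's argument spec. The module name is also worth checking against the collection, since I know it as `community.sops.sops_encrypt` rather than `community.sops.encrypt_sops`. The EXAMPLES string starts before the hunk, so earlier examples are not covered by this note.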