31 lines
936 B
Markdown
31 lines
936 B
Markdown
# Vault
|
|
|
|
Before you get started, you will need to create one master secret:
|
|
```bash
|
|
tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~' </dev/urandom | head -c 13; echo
|
|
```
|
|
or use any password generator from your favorite password manager.
|
|
|
|
Keep this secret in a safe place, as it will be used to encrypt and decrypt your vault.
|
|
|
|
Two files in `./vault` are used to store sensitive data:
|
|
- `user_provisioning` contains default and maintainer user credentials
|
|
- `secrets` ansible root password and k3s secret token
|
|
|
|
They are formatted as follows:
|
|
```
|
|
# vault/user_provisioning
|
|
vault_atmen_password: <atmen_password>
|
|
vault_maintainer_user: <maintainer_user>
|
|
vault_maintainer_password: <maintainer_password>
|
|
```
|
|
|
|
```
|
|
# vault/secrets
|
|
ansible_become_password: <atmen_password>
|
|
token: <k3s_token>
|
|
```
|
|
|
|
## Note
|
|
To avoid pasting your vault password everytime, you can create a `.vault_pass` file in the root directory with the vault password.
|