salt.renderers.pass module

Pass Renderer for Salt

[pass](https://www.passwordstore.org/)

New in version 2017.7.0.

# Setup __Note__: <user> needs to be replaced with the user salt-master will be running as

  1. Have private gpg loaded into user's gpg keyring * Example salt code

    ``` load_private_gpg_key:

    cmd.run:
    • name: gpg --import <location_of_private_gpg_key>
    • unless: gpg --list-keys '<gpg_name>'

    ```

1. Said private key's public key should have been used when encrypting pass entries that are of interest for pillar data 1. Fetch and keep local pass git repo up-to-date

  • Example salt code

    ``` update_pass:

    git.latest:
    • force_reset: True
    • name: <git_repo>
    • target: /<user>/.password-store
    • identity: <location_of_ssh_private_key>
    • require: - cmd: load_private_gpg_key

    ```

  1. Install pass binary * Example salt code

    ``` pass:

    pkg.installed

    ```

salt.renderers.pass.render(pass_info, saltenv='base', sls='', argline='', **kwargs)

Fetch secret from pass based on pass_path