salt.renderers.pass module

Pass Renderer for Salt


New in version 2017.7.0.

# Setup __Note__: <user> needs to be replaced with the user salt-master will be running as

  1. Have private gpg loaded into user's gpg keyring * Example salt code

    ``` load_private_gpg_key:
    • name: gpg --import <location_of_private_gpg_key>
    • unless: gpg --list-keys '<gpg_name>'


1. Said private key's public key should have been used when encrypting pass entries that are of interest for pillar data 1. Fetch and keep local pass git repo up-to-date

  • Example salt code

    ``` update_pass:

    • force_reset: True
    • name: <git_repo>
    • target: /<user>/.password-store
    • identity: <location_of_ssh_private_key>
    • require: - cmd: load_private_gpg_key


  1. Install pass binary * Example salt code

    ``` pass:



salt.renderers.pass.render(pass_info, saltenv=u'base', sls=u'', argline=u'', **kwargs)

Fetch secret from pass based on pass_path