New in version 2017.7.0.
<user> needs to be replaced with the user salt-master will be running
Have private gpg loaded into user's gpg keyring. Example:
load_private_gpg_key: cmd.run: - name: gpg --import <location_of_private_gpg_key> - unless: gpg --list-keys '<gpg_name>'
Said private key's public key should have been used when encrypting pass entries that are of interest for pillar data.
Fetch and keep local pass git repo up-to-date
update_pass: git.latest: - force_reset: True - name: <git_repo> - target: /<user>/.password-store - identity: <location_of_ssh_private_key> - require: - cmd: load_private_gpg_key
Install pass binary
render(pass_info, saltenv=u'base', sls=u'', argline=u'', **kwargs)¶
Fetch secret from pass based on pass_path