salt.renderers.pass module

Pass Renderer for Salt

[pass](https://www.passwordstore.org/)

New in version 2017.7.0.

Setup

Note

<user> needs to be replaced with the user salt-master will be running as

  1. Have private gpg loaded into user's gpg keyring. Example:

    load_private_gpg_key:
      cmd.run:
        - name: gpg --import <location_of_private_gpg_key>
        - unless: gpg --list-keys '<gpg_name>'
    
  2. Said private key's public key should have been used when encrypting pass entries that are of interest for pillar data.

  3. Fetch and keep local pass git repo up-to-date

    update_pass:
      git.latest:
        - force_reset: True
        - name: <git_repo>
        - target: /<user>/.password-store
        - identity: <location_of_ssh_private_key>
        - require:
          - cmd: load_private_gpg_key
    
  4. Install pass binary

    pass:
      pkg.installed
    
salt.renderers.pass.render(pass_info, saltenv=u'base', sls=u'', argline=u'', **kwargs)

Fetch secret from pass based on pass_path