Skip to content

stupid command line tricks

Jump to bottom
Ed Silva edited this page Apr 17, 2018 · 5 revisions

create a new file:

$ generate-secure-pillar -k "Ed Silva" create -n "super:secret:password" -s "password" -o blah.sls
INFO[0000] wrote out to file: 'blah.sls'

$ cat blah.sls
#!yaml|gpg

super:
  secret:
    password: |
      -----BEGIN PGP MESSAGE-----

      wcFMA/18BRYacDTHARAAMR8uujifd6zQINZ0itVDc/v2aYVlxWVkM/jfy1xg4Guw
      ItqU2pWqbaA5Xg24rNGl3tDkPJsrBLiGheEc+L4B8H6W+YJ+W8rOK191DBv49GIC
      5N/BicriGydKeBpl1mxVIebt4Yyh+ltqCtMAID+BCRRcEEWAuEjXn08xqbTx22yS
      r4BAySdRV8pCuLTtqrwZutLq8gf2zKwv9kmGlFcfoH8YXq7IXeVLZhLdvI2zwn9s
      l+zlBbCu8Gy8B3t3znnPFqiCsr79/wbtYbc/mN5JwH4S/BV/SOIsVzE/WB4r3+ih
      H0N5DGa3oPcy21lNxQKj7gC0ncPQXFBdhWtVt6fViKICoHDvuT2nqR/CrZqN96hQ
      CwZRkzFMAkpQFHC0maioxqsJko1X2VgxeFs9E73QvA2Rq5VHW9KASAMUkUMSJJ15
      lJWLI76kIaVuJn7PiWfYWi6qoTPrl+OnzrGPiE8djeGdMZKpkO46kIgB6qG9wVK8
      3jZ6JmLWxUcmIJRffsnFchsagTeT/xpxq6KA4DE5TPrSy7sh4UcNVHGqHi+QGjP0
      rUcB+ZdQVprP8u2BpcfYZnDQsM7SZwmP8+OF4gcRKcG31kuFma1MmKxN1iFqqF+s
      iw7v9qYZvcV/Nus5/vPraBAbPZZ+d7gWy0WSr8ZKD6zYFsHcgtybdQNgdoj0973S
      4AHk4VTZgsRKRsHA4BImqd7QIOEys+Au4JThDyfgNeKUXx6n4EbhuDTgyuR6O+RC
      ME3voo00gnp5IZau4sE7dPjhQWIA
      =kA4/
      -----END PGP MESSAGE-----

if you have the secret key you can decrypt to make sure it's all good

$ generate-secure-pillar decrypt all -f blah.sls
#!yaml|gpg

super:
  secret:
    password: password

add a new element to the file

$ generate-secure-pillar -k "Ed Silva" update -n another:super:secret:thing -s 'suuuuper secret!' -f blah.sls 
INFO[0000] wrote out to file: 'blah.sls'                

$ cat blah.sls
#!yaml|gpg

another:
  super:
    secret:
      thing: |
        -----BEGIN PGP MESSAGE-----

        wcFMA/18BRYacDTHARAAWjYA8z/8rAN4yZmtEJ6wW6Mg8agLG0FybJ28p3NKXIOb
        2Pa7TuneYlpGPtIM7lVcCHMkhAka5rSEqCnpdLQ4Ta38Ad3MnBOU3/mk3Qdc1clY
        p5LeHkqjN8E7zLTsdfXQ17Ea+FF5v8q7tR7P5xvtttKS/5qt45EcOrRaSubdmGDL
        wF1Dp8vRTUcszzpIGguazqWZ1YGzOxTh2tCBxeiYuMr28OgiUHiMbrBYzfw2bFGC
        YiSP6Sr1UQ1xWNci9awESCdai6OSouxoaEZJMsYEciDLSE7MCEkbn/t6WL+Srwdz
        3gfP/XGmzGkbgg1wD7Xee0oHvEoa7ffr3oQjOlx1g4pH/hTbqv7aHR/3WextsoET
        YJl7zAnwMfw662o8pwj6RvFFalgRLm2/X8ZXgA5CS4AFLAIidCun79371yycHaC9
        YOcov/hCN47wdr2wCgB6pbCyCwunFh/rCOeGYXnJ6ZIGIiN87JOWL1q80UCaq888
        P7HNeBVD5xbLh60ALzbx4deOTgNx6+g1byOn7gWtbHfxlzjw157Rv8w0RrbwgWVI
        qVm39wYME2MYyqhSJxNkLarzN10yWDXGp30dzTnMBrrLjtfsWjW35QMddvcJlecK
        CVuZtIr7Ex0FRogs9W2gLvVCiTb9skuhdwsi1epnJby9YDCRI/u7QMbFMQO+qbXS
        4AHkYHqf30kGG2HEPPW7RWVUjOEEZOCA4BnhNdLgN+IxNYDB4JPk46CZZCIcwJN1
        ypDKSsEyyOCy5EtDZs9UOi617vkGx5T0fkriSW8EDuHyngA=
        =nB5M
        -----END PGP MESSAGE-----
super:
  secret:
    password: |
      -----BEGIN PGP MESSAGE-----

      wcFMA/18BRYacDTHARAAZLduv5ZNiQw2r8kU7HhLubzqKB+k4S1TUSSWdZr00JwT
      th7+t/kxKiDuUlrBmUZqNNvj6IlBds2gj8NONBpGkZf7othDMjLkuef2NpUHN2qU
      rxG0U8cvr3mexAsJJCab6MYprSLoGemguF7nvWd50MS0lxsPq+eyMzxlsccqjjxh
      JmYP7R2kPvTWpVYIrJVPb6Vexiadkm9VYnv+LPwyCLqybHAVAmaT82jkfG4tdhNr
      +mu/4MuIhUAhLTxmTfV1CnnhLjAsFwNqg34ykKNAt89bFCGGYcBEi1vYtvRO9LTm
      1yQNOxvVvFVyahKnDNdPyVrCabZ/0y+wWEsrwqcwrRPnTFe3mXINuvKZtMGtfC2l
      xhbVgxLt+WKwTVqaGp/yywwYrkzAbz8Dn66Jvw+aBX9L4xzbvTnL5ZEVEwjpfjtC
      IyA6L7YkwZvBKEP0n43qEU11UmXT4G/G7BfBpi03w0/6RNa6bYREMfvJ0aXpCToA
      cmh36AVsuctb7UG0H18J1OioLEiANcCTJY/9zLsJJhTVhXQDgJCxmyWkqIo407eY
      12WFldscsPKjZN0dR26HMgZoyOtQ3rp9l7o02p8r6zYdTKHbxtOKyePP+oA81I6C
      3Qk7V2Yb1fDBg/0QWAJiamz/KPqQ65AMlRE2lKV9LR6psjrDDawJM2fxCc0Ya5jS
      4AHkONcK0hIG078BptYBWeY5FOG4QOB54IbhZq3gueJx2YoJ4NjjVBe0kBEBISLg
      huSHr7baMllol16UvHmQ74We4h16dXThPCUA
      =ztRd
      -----END PGP MESSAGE-----

$ cat blah.sls | generate-secure-pillar decrypt all
#!yaml|gpg

another:
  super:
    secret:
      thing: suuuuper secret!
super:
  secret:
    password: password

view the key(s) used on a file

$ generate-secure-pillar keys all -f blah.sls
another:
  super:
    secret:
      thing: '23FB4B72AD2680F7: Ed Silva <ed.silva@everbridge.com>'
super:
  secret:
    password: '23FB4B72AD2680F7: Ed Silva <ed.silva@everbridge.com>'

change the PGP key used

$ generate-secure-pillar -k "Dev Salt Master" rotate -f blah.sls
INFO[0000] processing blah.sls                          
INFO[0000] wrote out to file: 'blah.sls'

$ generate-secure-pillar keys all -f blah.sls
another:
  super:
    secret:
      thing: 'FD7C05161A7034C7: Dev Salt Master (For Development Environment Only)
        <nobody@everbridge.com>'
super:
  secret:
    password: 'FD7C05161A7034C7: Dev Salt Master (For Development Environment Only)
      <nobody@everbridge.com>'

decrypt a specific element

$ generate-secure-pillar decrypt path -p super:secret:password -f blah.sls

super:secret:password: password

only encrypt stuff under a specific element

$ cat foo.sls
#!yaml|gpg

secrets:
  something: something
  super:
    secret: blah
some:
  other:
    things:
    - thing one
    - thing two

$ cat foo.sls | generate-secure-pillar -k "Dev Salt Master" -e secrets encrypt all -o foo.sls
#!yaml|gpg

secrets:
  something: |
    -----BEGIN PGP MESSAGE-----

    wcFMA/18BRYacDTHARAAjuw4OyKMpuAz8N1eXcmMTVw4KiApsPYRErurCX+RQH3/
    dsXVNCWNAa+tdwcWWmvTSeapRNlxfU0sF0Vq0/mMM99MBT4aX3yIxkJmOb8CwABd
    CWdoNLGzKiHYUoSJKtT50pa5VLP5U8NMPKGf+6Ia623r/JtiZQF5zcuXVEGFHqbZ
    sJL0xXkPtQaCeTlIZDo7SXo3YwqK1CDNAKhlYqrvULE8zGGiEeguiDQdKXS1aeLU
    tPWhGCg6KJprSAc33rtrdkBu6i8Fxls6Vr2sInvjdSZU1+C+lXKae7+Pzt6GOKH2
    xldZ5TMXcqnqHZJDLg+qp405n7s0S34KvEahd3iUgszXlk7mv/3Mw0ZS8IOIVteK
    93lVzeNQJJTL3SxM0IfzGCCWwJPyRIgUBWSeFk1pFdsBNyu2bkiZB6K50Fk6kR7U
    CU9YjTZt4t3KRAjPqI1qpKVpmEw8tKS63u/mqpeV9BTDdNCbkL8roKPVfKV+HmTw
    p/KSYyAHLAKzL2xF8hcWhr/V3i0608xS8IiEPIOaordgcmBQL3AecbGQaimRCTVd
    GarfOmUPyu1rVhBGaThn8q9sgQVNe4ovDZQmBl7CAvaSNiOAjOJ32wc3rvIZhqYX
    G+XL4IRjxJAZWGJV6OWZWI1jzFHhtJJCT9rncaDh7L2hGP6Se0F+HyhKutRjstnS
    4AHk+9iExjxJokAdjsoJX0SrReG0UODy4BvhHjHgouKCNism4EfjSoOeFW03oSng
    CuA04HDky8dNA3rYHt6oYwrygmP+DeJ/Rmmy4TXWAA==
    =Fp1E
    -----END PGP MESSAGE-----
  super:
    secret: |
      -----BEGIN PGP MESSAGE-----

      wcFMA/18BRYacDTHARAAa9/93VRf5SAaraMDGMpz8Eh8hCW9gXNptI3jI15YgFKR
      QRxwUGOtKB/JQnBMHp9pkPkSaoecI6Wr2UtM1UsAGmoacck5Pm79bYRXDWS2DW81
      /slG12WuFMO0KEgziC0xJNt7TdXgsX6qTyn7ElGjdbPZVdm/0b3LGBaCzIKigm4D
      2OkIEje88Ge5H2vvsSMfU7nrb4wP+pyZjEXJqVleRE7PRCuPyvODBYAR88tCMeQR
      2NkNQ5khdA0jvzd+ms126MdJlA5L/s0M4aNQDo4YVGhgRApijDLtP99vjPU/rm95
      3607En+k81h4b4oI/1NwKW45qtR9beQATQifF147DNbkIysJGXERGZFTVjihGCTZ
      yuKnArBHJkKCODItspB9mE8tvIsZqOHpD/a6wfLALOeCnhS9FZLMHvSEXW215vXX
      SeiZqeAkSFYnCwnKOXm+kj8iKXwiarHKjvea94w28rIbpGLhnOvbQoZuebmUq3/d
      ahyUvvAAM9H8snwQ6UEF1weUGzYFN3M1/K9HnUPLJwEXSrwogjH1SDzI+2mZIu4u
      F1y1I5Jr5R2aL228KWi3DYhknypquZ/TFuhWTjkeeKWJVeIkQtHg5TM2w1DgdmkS
      jrboXPmDfMAMoAlZXBhPCzSAn6ecOLjVEyydQG7Jg0cvh42AaAGmKuekLFPg4AzS
      4AHk2Y4QRICl/63iV5872rr3a+EzneCs4Erh6QPg7+LE8dvM4G7iJoe+KuB45OMQ
      TxPIy9r5WHe8ov2a0ULiNuYneeHn/AA=
      =ez9p
      -----END PGP MESSAGE-----
some:
  other:
    things:
    - thing one
    - thing two

just goofing off because reasons

$ cat foo.sls
#!yaml|gpg

some:
  other:
    things:
    - thing one
    - thing two
super:
  secret: blah
$ cat foo.sls | generate-secure-pillar -k "Dev Salt Master" encrypt all | generate-secure-pillar decrypt all
#!yaml|gpg

some:
  other:
    things:
    - thing one
    - thing two
super:
  secret: blah

$ cat foo.sls | generate-secure-pillar -k "Dev Salt Master" encrypt all | generate-secure-pillar keys all
some:
  other:
    things:
    - 'FD7C05161A7034C7: Dev Salt Master (For Development Environment Only) <nobody@everbridge.com>'
    - 'FD7C05161A7034C7: Dev Salt Master (For Development Environment Only) <nobody@everbridge.com>'
super:
  secret: 'FD7C05161A7034C7: Dev Salt Master (For Development Environment Only) <nobody@everbridge.com>'
Clone this wiki locally