Best practice with keybase pgp decrypt and aws secrets

queglay · August 25, 2019, 6:26am

I’m using terraform to generate a user’s access and secret key, and then using that information in ansible to provision an installation of some other software.

using the suggested doc to aquire this with

terraform output encrypted_secret | base64 --decode | keybase pgp decrypt

…usually result in me having to type in the keybase password on the next line.

I’m wondering what is the best approach to automating this operation to aquire that data. I know ansible has the expect: command, but I wanted to see if there are any better recommended ways in decrypting this information.

queglay · August 27, 2019, 11:37am

somethign else I’m wondering is - can we generate pgp keys on a new system without an internet connection and automatically provide a password to decrypt / avoid it?

terraform provides an encrypted secret for aws ami access, but no automation can be achieved with that key unless we have the means to decrypt it in an automated fashion.

Topic		Replies	Views
How to decrypt IAM user password using terraform AWS	0	758	December 15, 2021
Terraform output decrypt using keybase Not Working AWS windows	0	359	October 17, 2022
Aws_iam_user_login_profile and PGP Key workflow AWS	3	4498	December 29, 2021
Terraform output decrypt using keybase Terraform	4	3070	May 11, 2021
Aws_iam_access_key encrypted_secret base64 --decode Terraform	10	3919	August 28, 2021

Best practice with keybase pgp decrypt and aws secrets

Related Topics