github.com/upcmd/up@v0.8.1-0.20230108151705-ad8b797bf04f/tests/functests/c0201.yml (about) 1 doc_meta: | 2 folder: security 3 title: use valut to store secrets 4 head: | 5 It is most important of the all the vars/dvars containing sensitive information will not be revealed while we use different verbose level or doing the debug 6 7 For this purpose, we introduce a vault cache store to store all the secrets masked using 'secret' flag 8 9 When a dvar is masked as secret, it is stored in vault and this will not be printed out or exposed 10 11 sections: 12 - title: Demo 13 log: yes 14 15 tasks: 16 - 17 name: task 18 task: 19 - 20 func: cmd 21 dvars: 22 - name: enc_key 23 value: my_enc_key 24 flags: 25 - secret 26 27 - name: value_encrypted 28 value: '{{ "ENV_AAA" | encryptAES .enc_key }}' 29 flags: 30 - vvvv 31 - taskScope 32 33 - name: ENV_AAA 34 value: '{{.value_encrypted}}' 35 flags: 36 - secure 37 38 do: 39 - name: print 40 cmd: | 41 var: {{.ENV_AAA}} 42 decrypted secure var: {{.secure_ENV_AAA}} 43 - 44 name: inspect 45 desc: the vars in caller after invoking module task 46 cmd: 47 - exec_vars 48 - exec_base_vars 49 - exec_base_env_vars_configured 50 - exec_env_vars_configured 51 - debug_vars 52 53 - 54 func: cmd 55 dvars: 56 - name: ENV_BBB 57 value: '{{.value_encrypted}}' 58 flags: 59 - secure 60 61 do: 62 - name: print 63 cmd: | 64 var: {{.ENV_BBB}} 65 decrypted secure var: {{.secure_ENV_BBB}}