I have created hosts file in gitlab as follows I want to encrypt password and I want to use it.
Hosts file as follows
[aix]
tusk12
raid12
[aix:vars]
ansible_ssh_user=San
ansible_ssh_password="{{ ssh_pass }}"
ansible_connection=ssh
How should I pass value to ansible_ssh_password how should I use it in gitlab.
I mentioned ansible_ssh_password=san123 value and I encrypted whole file. I don't want to encrypt whole file I want to encrypt only ansible_ssh_password value and I want to use it in gitlab.
Related
Within our pipeline's we would like to set a variable based on some user defined capabilities. For example, agent-1 may store all python versions under "C:/Python" whereas agent-2 may store all python versions under "C:/Documents/Python" and a script may need to know of all the contents stemming from this folder. So, to fix this, we set some user capabilities of where it's stored.
Agent 1: PYTHON_DIR = C:/Python
Agent 2: PYTHON_DIR = C:/Documents/Python
We would like to extract these from in our azure-pipelines.yml for use in future script steps.
We initially tried using the syntax:
variables:
PYTHON_EXE: $(PYTHON_DIR)\Python38\...\python.exe
but this simply echos out as
$(PYTHON_DIR)\Python38\...\python.exe even after an agent reboot.
I have repeatedly kept my confidential information in the file. But I gave the name of the file. I'm looking wrong. What will I do now? I wrote the code well but it looks wrong to me
first you have to create a file named .env,
then in this file you have to put your secret key value that you don't want to share or that is harmful to share,
then you have to call dynamically the secret key name in your main file,
and most importantly you have to add thid .env or write .env to gitignore file.
I am trying to copy all the secrets along with the subfolders from one VAULT path to another.
Example:
source = "/path/namespace/TEAM1/jenkins"
(note: the above source path consists of subfolders like job1,job2,job3... and all these subfolders contains the respective secrets in the form of key-value pairs)
destination="/path/namespace/team1/jenkins"
I could able to manually copy each secret to the destination folder, but wondering any code snippet would help me here to achieve this. Like recursively copy all the secrets along with the respective sub-folders to the destination PATH.
Taking vault secret backup from one path to another like.
input_path: secret/tmp1
output_path: secret/tmp2
so now with this python script you can sync all secret from secret/tmp1 to secret/tmp2
Need to add input_path and output_path in python script then just run.
Link for python script.
https://github.com/vinamra1502/vault-backup-restore
With this script you can copy all secrets along with the subfolders from one vault path to others.
Ex. secret/tmp1 secret copy to secret/tmp2 path.
Eg.: I have a file mycode.py which contains 2 secrets
myfakesecret : "ANSAJHSAKDKDMKADKAMCKSMKSMCKSCC"
MyOriginalSecret: "H%&&^DBSHDBHBBBS%^&&&DSD2343"
I want to ignore myfakesecret but not MyOriginalSecret in truffleHog scan.
If I use --exclude_paths exclude-patterns.txt where exclude-patterns.txt contains mycode.py then truffle hog scan will ignore both secrets.
Can I specify a secret hash or name or any other way to exclude secret not complete file so that it should ignore a particular secret?
Ideally, your code does not include the sensitive secret at all.
That way, truffleHog scan has nothing to ignore/exclude.
mycode.py should read that secret from a file/source outside the repository, at runtime (when you are executing the program.
I'm currently working on a deployment script to run as part of my GitLab CI setup. What I want is to copy a file from one location to another and rename it.
Now I want to be able to find what commit that file was generated with, so I'd like to add the hash of the commit to it.
For that to work I'd like to use something like this:
cp myLogFile.log /var/log/gitlab-runs/$COMMITHASH.log
The output should be a file named eg.
/var/log/gitlab-runs/9b43adf.log
How is this possible to achieve using GitLab CI?
In your example you used the short git hash that you would get with the predefined variable CI_COMMIT_SHA by building a substring like this:
${CI_COMMIT_SHA:0:8}
or by using the short sha directly
$CI_COMMIT_SHORT_SHA
The variable you are looking for is CI_COMMIT_SHA (formerly CI_BUILD_REF in GitLab 8.x and earlier) which one of the predefined variables.
All predefined variables are listed here.
Since GitLab v11.7 you can use $CI_COMMIT_SHORT_SHA which returns the first eight characters of CI_COMMIT_SHA.