1 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
2 .. SPDX-License-Identifier: CC-BY-4.0
3 .. (c) 2017 OPNFV and others.
5 Use eyaml to decrypt secret values
6 ==================================
11 #. Install eyaml and create keys (All of this should be done on the slave server)
15 $ sudo yum install ruby-gems || sudo apt-get install ruby
16 $ sudo gem install hiera-eyaml
19 #. Move keys to /etc/eyaml_keys
23 $ sudo mkdir -p /etc/eyaml_keys/
24 $ sudo mv ./keys/* /etc/eyaml_keys/
26 #. Set up eyaml config.yaml
31 $ cp config.yaml.example ~/.eyaml/config.yaml
36 #. Copy a PDF (yaml) to current directory (or edit the PDF in-place)
38 NOTE: There is a sample encrypted PDF located at `../pdf/pod1.encrypted.yaml`.
39 Data in that file is only an example and can't be decrypted without the PEM,
40 which is not provided.
44 $ cp ~/foo/securedlab/labs/lf/pod2.yaml .
46 #. Create some encrypted values
50 $ eyaml encrypt -s 'opnfv'
52 #. Replace values to be encrypted
67 $ ./generate_config.py -y pod2.yaml -j ../installers/apex/pod_config.yaml.j2