Remove .sh extention from bin tools

author: Dmitry Ilvokhin <d@ilvokhin.com> 2024-06-01 19:15:26 +0100
committer: Dmitry Ilvokhin <d@ilvokhin.com> 2024-06-01 19:15:26 +0100
commit: d129e0950bdaf55c7d752933e77790e9d5b151a3 (patch)
tree: 0db32866ecde3b370a239dc968d4fe87d58773f9 /bin/rotate-vault-password
parent: c593b0c5ed0395c4fe31d074cfaf2e2657ae0856 (diff)
download: infra-d129e0950bdaf55c7d752933e77790e9d5b151a3.tar.gz
infra-d129e0950bdaf55c7d752933e77790e9d5b151a3.tar.bz2
infra-d129e0950bdaf55c7d752933e77790e9d5b151a3.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/bin/rotate-vault-password b/bin/rotate-vault-password
new file mode 100755
index 0000000..1762786
--- /dev/null
+++ b/bin/rotate-vault-password
@@ -0,0 +1,15 @@
+#! /usr/bin/env sh
+
+head -c 128 /dev/urandom | base64 > password.txt
+
+ansible-vault rekey
+    --new-vault-password-file password.txt \
+    `git grep -l 'ANSIBLE_VAULT;1.1;AES256$'`
+
+gpg \
+  -r d@ilvokhin.com \
+  --armor \
+  --output misc/vault-password.asc \
+  --encrypt password.txt
+
+ansible-vault view misc/vaults/example.yml && rm password.txt
author	Dmitry Ilvokhin <d@ilvokhin.com>	2024-06-01 19:15:26 +0100
committer	Dmitry Ilvokhin <d@ilvokhin.com>	2024-06-01 19:15:26 +0100
commit	d129e0950bdaf55c7d752933e77790e9d5b151a3 (patch)
tree	0db32866ecde3b370a239dc968d4fe87d58773f9 /bin/rotate-vault-password
parent	c593b0c5ed0395c4fe31d074cfaf2e2657ae0856 (diff)
download	infra-d129e0950bdaf55c7d752933e77790e9d5b151a3.tar.gz infra-d129e0950bdaf55c7d752933e77790e9d5b151a3.tar.bz2 infra-d129e0950bdaf55c7d752933e77790e9d5b151a3.zip