I really like the approach of Passbolt to manage passwords with PGP. Passbolt also has a decent API that enables some scripting, and some basic Python packages already exist.<\/p>\n\n\n\n
That made me wonder if I could use Passbolt as a password safe for Saltstack. After some research, I came up with a pretty simple Python script that renders Pillars from Passbolt groups. After installing https:\/\/github.com\/netzbegruenung\/passbolt-salt<\/a>, you need to add the following lines to a Pillar SLS file:<\/p>\n\n\n\n With that, you can access passwords in states with Jinja:<\/p>\n\n\n\n I have to admit that addressing groups and passwords with UUIDs is not the most convenient way, but it definitely works.<\/p>\n\n\n\n Please note that the passwords are accessible to all servers that use this Pillar. Therefore create different Passbolt groups for your different servers.<\/p>\n","protected":false},"excerpt":{"rendered":" I really like the approach of Passbolt to manage passwords with PGP. Passbolt also has a decent API that enables some scripting, and some basic Python packages already exist. That made me wonder if I could use Passbolt as a … Continue reading #!py\ndef run():\n from salt_passbolt import fetch_passbolt_passwords\n # The following UUID is the UUID of a Passbolt group\n return fetch_passbolt_passwords(\"27b9abd4-af9b-4c9e-9af1-cf8cb963680c\") <\/code><\/pre>\n\n\n\n{{ pillar['passbolt']['3ec2a739-8e51-4c67-89fb-4bbfe9147e17'] }}<\/code><\/pre>\n\n\n\n