From df50917f66c064c71d60cb2726bd99a7fdd0e51e Mon Sep 17 00:00:00 2001
From: Paul Belanger
Date: Fri, 25 Aug 2017 13:25:23 -0400
Subject: [PATCH] Use tempfile for ssh private key

We do this for our GPG keys, lets also do it for SSH keys.

Change-Id: I0ec4b6a0bbadc4ab01e5e3e4987da3a40b7a1237
Signed-off-by: Paul Belanger
---
 roles/add-fileserver/tasks/main.yaml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/roles/add-fileserver/tasks/main.yaml b/roles/add-fileserver/tasks/main.yaml
index c5a021fbf..64098e039 100644
--- a/roles/add-fileserver/tasks/main.yaml
+++ b/roles/add-fileserver/tasks/main.yaml
@@ -1,14 +1,19 @@
+- name: Create SSH private key tempfile
+ tempfile:
+ state: file
+ register: ssh_private_key_tmp
+
 - name: Create SSH private key from secret
 copy:
 content: "{{ fileserver.ssh_private_key }}"
- dest: ~/.ssh/fileserver_id_rsa
+ dest: "{{ ssh_private_key_tmp.path }}"
 mode: 0600

 - name: Add fileserver ssh key
- command: ssh-add ~/.ssh/fileserver_id_rsa
+ command: "ssh-add {{ ssh_private_key_tmp.path }}"

 - name: Remove SSH private key from disk
- command: shred ~/.ssh/fileserver_id_rsa
+ command: "shred {{ ssh_private_key_tmp.path }}"

 - name: Add fileserver to inventory
 add_host:
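Review bot: If `ssh-add` fails, the play stops before the "Remove SSH private key from disk" task, so the private key is left in the tempfile; the copy and ssh-add tasks should sit in a `block` with the removal under `always`. The removal task also runs plain `shred`, which overwrites the file but does not unlink it, and because the path is now a fresh tempfile on every run the overwritten files will accumulate; `shred --remove` deletes the file as well. Overwriting in place may not destroy the data on journaling or copy-on-write filesystems, so keeping the key's time on disk short matters more than the overwrite itself. The "Add fileserver to inventory" task continues outside the hunk and is not affected.

```yaml
- name: Load fileserver SSH key into the agent
  block:
    # … unchanged: "Create SSH private key from secret" and "Add fileserver ssh key" tasks, indented under block …
  always:
    - name: Remove SSH private key from disk
      command: "shred --remove {{ ssh_private_key_tmp.path }}"
```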