On 17 August 2018 at 17:28, Kai Stian Olstad
<ansible-project+[EMAIL PROTECTED]> wrote:
A convenient compromise between "authenticating every time" and
"storing vault passwords in plain text" is the use of wrappers scripts
that fetch the vault password from agents that run in-memory.
So you authenticate less frequently (i.e. more convenient), and don't
store vault passwords on disk in clear text (i.e. more secure).
I've successfully used this approach using GnuPG and LastPass.
LastPass has the added benefit of being able to share vault passwords
across a team (although this requires the paid version).
Trust & Identity Service Operations Manager
PGP key fingerprint: F575 58C6 62C6 FD5B A9CD 217C 2667 13D4 E6EF 488D
GÉANT Vereniging (Association) is registered with the Chamber of
Commerce in Amsterdam with registration number 40535155 and operates
in the UK as a branch of GÉANT Vereniging. Registered office:
Hoekenrode 3, 1102 BR Amsterdam, The Netherlands. UK branch address:
City House, 126-130 Hills Road, Cambridge CB2 1PQ, UK.
To post to this group, send email to [EMAIL PROTECTED].