Vault rekeying

Changing the default vault password

```sh
# Generate a new password for the default vault
pwgen -s 64 >new-default-pw

# Re-encrypt all default vaults
ansible-vault rekey --new-vault-password-file ./new-default-pw \
  $(git grep -l 'ANSIBLE_VAULT;1.1;AES256$')

# Save the new password in encrypted form
# (replace "RECIPIENT" with your email)
gpg -r RECIPIENT -o misc/vault-default-password.gpg -e new-default-pw

# Re-encrypt the new password with all DevOps keys
ansible-playbook playbooks/tasks/reencrypt-vault-default-key.yml

# Ensure the new password is usable
ansible-vault view misc/vaults/vault_hcloud.yml

# Remove the unencrypted password file
rm new-default-pw

# Review and commit the changes
```

Changing the super vault password

```sh
# Generate a new password for the super vault
pwgen -s 64 >new-super-pw

# Re-encrypt all super vaults
ansible-vault rekey --new-vault-id super@./new-super-pw \
  $(git grep -l 'ANSIBLE_VAULT;1.2;AES256;super$')

# Save the new password in encrypted form
# (replace "RECIPIENT" with your email)
gpg -r RECIPIENT -o misc/vault-super-password.gpg -e new-super-pw

# Re-encrypt the new password with all DevOps super keys
ansible-playbook playbooks/tasks/reencrypt-vault-super-key.yml

# Ensure the new password is usable
ansible-vault view misc/vaults/vault_hetzner.yml

# Remove the unencrypted password file
rm new-super-pw

# Review and commit the changes
```
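
Both rekey procedures above select files with `git grep -l` on the vault header line, which also matches YAML files that only carry an inline `!vault |` value, while `ansible-vault rekey` works on whole-file vaults. The script below is an added example, not part of this repository's tooling, that classifies files by header before a rekey; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify vault-encrypted files before running a rekey.
# vault_kind FILE prints one of:
#   default - whole-file vault, first line is $ANSIBLE_VAULT;1.1;AES256
#   LABEL   - whole-file vault with a vault ID ($ANSIBLE_VAULT;1.2;AES256;LABEL)
#   inline  - header found only below line 1 (e.g. an inline "!vault |" value)
#   none    - no vault header at all
vault_kind() {
    first=$(head -n 1 "$1" | tr -d '\r')
    case $first in
        '$ANSIBLE_VAULT;1.1;AES256') echo default ;;
        '$ANSIBLE_VAULT;1.2;AES256;'?*) echo "${first##*;}" ;;
        *)
            if grep -q -e 'ANSIBLE_VAULT;1\.[12];AES256' "$1"; then
                echo inline
            else
                echo none
            fi ;;
    esac
}

# vault_inventory DIR prints "KIND<TAB>PATH" for each file carrying a header.
vault_inventory() {
    find "$1" -type f ! -path '*/.git/*' | sort | while IFS= read -r f; do
        kind=$(vault_kind "$f")
        [ "$kind" = none ] || printf '%s\t%s\n' "$kind" "$f"
    done
}

# Constructed sample files (header lines only, no real ciphertext).
make_sample() {
    printf '$ANSIBLE_VAULT;1.1;AES256\n3031\n' >"$1/a_default.yml"
    printf '$ANSIBLE_VAULT;1.2;AES256;super\n3031\n' >"$1/b_super.yml"
    printf 'db_pw: !vault |\n    $ANSIBLE_VAULT;1.1;AES256\n    3031\n' \
        >"$1/c_inline.yml"
    printf 'plain: value\n' >"$1/d_plain.yml"
}

# Demo run on the constructed samples.
tmp=$(mktemp -d) && make_sample "$tmp" && vault_inventory "$tmp"
rm -rf "$tmp"
```

Files reported as `inline` need their values re-encrypted individually (for example with `ansible-vault encrypt_string`) instead of being passed to `ansible-vault rekey`.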