Topic on Talk:Meza/Setup SAML authentication

What to do when it is encrypted?

Summary by Revansx

secret.yml is no longer encrypted

Revansx (talkcontribs)

My notes on editing the secret.yml config file based on the instructions here: https://www.mediawiki.org/wiki/Meza/Setup_SAML_authentication plus advice from James.

  1. Step 1: Set secret config
    1. run `# tr -c -d '0-9a-zA-Z' </dev/urandom | dd bs=32 count=1 2>/dev/null;echo` and paste the 32-character output to a scratch pad (notepad or whatever) as the salt code to be used below when needed
    2. run `# tr -c -d '0-9a-zA-Z' </dev/urandom | dd bs=16 count=1 2>/dev/null;echo` and paste the 16-character output to a scratch pad (notepad or whatever) as the adminpassword to be used below when needed
    3. discovered that `/opt/conf-meza/monolith/secret.yml` is encrypted, so the solution provided to me was:
    4. run `meza_env=monolith` to set the variable meza_env to monolith (my environment)
    5. then run `sudo ansible-vault edit "/opt/conf-meza/secret/$meza_env/secret.yml" --vault-password-file "/opt/conf-meza/users/meza-ansible/.vault-pass-$meza_env.txt"` which will decrypt the file secret.yml automatically, launching it as readable text in the infamous "vi" editor.
    6. Now to edit using the vi editor (vi notes)
      1. down arrow to the last character at the end of the file and type `a`, which will put you in "insert" mode and allow you to add new lines.
      2. copy the text from the SAML link above into the secret.yml file at the end (control-c to copy it from notepad and right-click to paste it into "vi")
      3. cursor up to the line that reads: `salt: <output of command from above>` and replace the `<output of command from above>` with the salt code created above in step 1.1
      4. cursor down to the line that reads: `adminpassword: <your strong password>` and replace `<your strong password>` with the adminpassword created in step 1.2 above
      5. Type `:wq` to save and exit vi
      6. exiting vi from the ansible-vault edit command automatically re-encrypts the file
      7. you should now be back at the system cli
  2. Step 2: Set public config
    1. ...
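
An added example, not part of Revansx's notes or of Meza itself: a shell helper that generates the salt and adminpassword from step 1 at an exact length and checks whether a secret.yml is vault-encrypted before deciding how to edit it. The function names `gen_alnum` and `is_vault_encrypted` are hypothetical; the check relies on the standard Ansible Vault file header, which begins with `$ANSIBLE_VAULT;`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Meza.

# Print exactly $1 random characters from [0-9a-zA-Z].
# LC_ALL=C keeps tr byte-oriented on raw /dev/urandom data, and the loop
# guarantees the full length even if one 256-byte read yields too few
# alphanumeric bytes.
gen_alnum() {
    want=$1 out=
    while [ "${#out}" -lt "$want" ]; do
        out=$out$(head -c 256 /dev/urandom | LC_ALL=C tr -c -d '0-9a-zA-Z')
    done
    printf '%s\n' "$out" | cut -c "1-$want"
}

# Return 0 if the file's first line is an Ansible Vault header, 1 otherwise
# (plaintext or empty file). Needs read access to the file.
is_vault_encrypted() {
    IFS= read -r first_line <"$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# When run directly with one path argument, report how it must be edited.
if [ "$#" -eq 1 ]; then
    if is_vault_encrypted "$1"; then
        echo "$1: vault-encrypted, edit with ansible-vault edit"
    else
        echo "$1: plaintext"
    fi
fi
```

Call `gen_alnum 32` for the salt and `gen_alnum 16` for the adminpassword.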