You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have a tool that operates on a Hiera file. For instance, it checks whether contained certificates are still valid and inserts renewed ones when necessary. When switching to hiera-eyaml it would seem necessary to decrypt/encrypt the Hiera file before/after the tool does its job. Since the Hiera file lives in Git, its YAML fields (also encrypted ones) should remain unmodified if they were not touched by the tool.
I have noticed that eyaml encrypt -s test returns a new signature value each time around, even when keys remain unchanged. This is presumably due to "salt" that is being added. At first sight, this prevents the use of my tool in simple combination with hiera-eyaml, when it serves for encrypting certificate keys.
Is it possible to re-obtain the same signature value each time around, or what would you suggest for dealing with a situation like this.
The text was updated successfully, but these errors were encountered:
christian-2
changed the title
Subsequent "eyam crypt -s test" return different signatures
Subsequent "eyam encrypt -s test" calls return different signatures
Aug 20, 2021
christian-2
changed the title
Subsequent "eyam encrypt -s test" calls return different signatures
Subsequent "eyaml encrypt -s test" calls return different signatures
Aug 20, 2021
I have now refactored my code such that there is no longer a simple eyaml decrypt/encrypt bracket around my tool, but that the closing bracket is smart about which keys actually changed opposite the opening bracket. With that, it can avoid repeat encryptions (that lead to unwanted new "salt", etc.)
I have a tool that operates on a Hiera file. For instance, it checks whether contained certificates are still valid and inserts renewed ones when necessary. When switching to
hiera-eyaml
it would seem necessary to decrypt/encrypt the Hiera file before/after the tool does its job. Since the Hiera file lives in Git, its YAML fields (also encrypted ones) should remain unmodified if they were not touched by the tool.I have noticed that
eyaml encrypt -s test
returns a new signature value each time around, even when keys remain unchanged. This is presumably due to "salt" that is being added. At first sight, this prevents the use of my tool in simple combination withhiera-eyaml
, when it serves for encrypting certificate keys.Is it possible to re-obtain the same signature value each time around, or what would you suggest for dealing with a situation like this.
The text was updated successfully, but these errors were encountered: