password

Ansible: unzipping an encrypted file using the unarchive module

If you need to expand an encrypted zip file using the Ansible unarchive module, then you will need to provide the password using the ‘extra_opts’ parameter. Per below, make sure you place the “-P” flag as an independent argument to the password. – name: unzip encrypted zip unarchive: src: mysource.zip dest: /remote/path extra_opts: – “-P” Ansible: unzipping an encrypted file using the unarchive module

Git: BFG for removing secrets from entire git history

If you accidentally pushed a secret or password into a git repository, the BFG Repo-Clean utility is a convenient option for removing all traces of the secret from the entire git commit history. It is also possible to use ‘git-filter-branch‘, but I find BFG more convenient and faster.

Linux: Using GPG encrypted credentials for enhanced security

If you currently store sensitive credentials in plaintext to automate scripting or integration to other systems, you should consider an extra layer of security by storing them encrypted using GPG. There is no fullproof way to hide sensitive information for a service that also needs to decrypt them as part of normal operations (think DVD Linux: Using GPG encrypted credentials for enhanced security

GIT: Calling git clone using password with special character

It is more popular to use an ssh key instead of a password when automating a git clone from a guest OS.  But if you do need to specify the password directly into the console command, it takes this form: $ git clone https://<user>:<password>@<gitserver>/<path>/<repo>.git Which works fine if the password is plaintext, but if it GIT: Calling git clone using password with special character