A simple role to manage EncFS using Ansible.
- Ansible 2.2+
- A secret that you want to use as a key.
encfs - absolute location of the directory you want exposed as an encrypted mount point
encfs_user - user to run EncFS process as
encfs_group - group of user to run EncFS process as
passphrase_fetch_cmd - command that, when executed, provides a passphrase as a string
The following will ensure that /var/sensitive-data provides a plain-text view of encrypted data contained in /var/sensitive-data_encrypted. The passphrase will be 'MY SECRET'.
    - hosts: servers
      roles:
        - { role: rorygibson.encfs, encfs: /var/sensitive-data, passphrase_fetch_cmd: "echo 'MY SECRET'" }
And this will use a passphrase retrieved from the metadata service of the hosting environment.
    - hosts: servers
      roles:
        - { role: rorygibson.encfs, encfs: /var/sensitive-data, passphrase_fetch_cmd: "curl --silent http://metadata-server/my-passphrase-key" }
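Because whatever passphrase_fetch_cmd prints becomes the EncFS passphrase, a failed or empty fetch should stop the run instead of silently supplying a wrong key. The wrapper below is an added example, not part of this role: the function name and install path are hypothetical, and it assumes the role treats a non-zero exit from the command as a failure, which this page does not state.

```shell
#!/bin/sh
# Hypothetical wrapper, not shipped with the role. Installed at an assumed
# path such as /usr/local/bin/fetch-passphrase, it could be used as:
#   passphrase_fetch_cmd: "/usr/local/bin/fetch-passphrase curl --silent --fail --max-time 5 http://metadata-server/my-passphrase-key"
# curl's --fail makes HTTP errors exit non-zero instead of printing an
# error page; --max-time bounds a hung metadata service.

# fetch_passphrase CMD [ARGS...]
# Prints the passphrase and returns 0, or prints nothing on stdout and
# returns 1 (command failed), 2 (empty output) or 3 (multi-line output).
fetch_passphrase() {
    # The assignment's exit status is that of the command substitution.
    # Trailing newlines are stripped by the substitution itself.
    if ! out=$("$@"); then
        echo "passphrase command failed" >&2
        return 1
    fi
    # An empty string must never be accepted as the key.
    if [ -z "$out" ]; then
        echo "passphrase command returned nothing" >&2
        return 2
    fi
    # More than one line usually means an error document, not a secret.
    case $out in
        *"
"*)
            echo "passphrase spans multiple lines" >&2
            return 3
            ;;
    esac
    printf '%s\n' "$out"
}

# When run as a script with arguments, act as the fetch command itself.
if [ "$#" -gt 0 ]; then
    fetch_passphrase "$@"
fi
```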
Public domain.
Rory Gibson - @rorygibson