Created to keep passwords, API keys and other sensitive information out of the configuration file, this plugin processes Jinja2 templates on startup and replaces them with the corresponding values set in a dedicated YAML file or stored in the DB.
All the templates to process must begin with the word "secrets".
In this sample config.yml we configure the plugin to look for config secrets in a file named secrets.yml:

    secrets: secrets.yml
    templates:
      tell_me:
        notify_xmpp:
          sender: '{{ secrets.xmpp.usr }}'
          password: '{{ secrets.xmpp.pwd }}'
          recipient: some@recipient.xyz
          title: 'something new: {{ title }}'
    tasks:
      test:
        template:
          - tell_me
        trakt_list:
          username: '{{ secrets.a_long.time_ago }}'
          password: '{{ secrets.a_long.in_a_galaxy }}'
          list: test
          type: movies

And this is the secrets.yml content:

    xmpp:
      usr: xxx@yyy.zzz
      pwd: mypassword
    a_long:
      time_ago: xxx
      in_a_galaxy: yyy
      far:
        far:
          away: zzz

So this will be the resulting config.yml before executing tasks:

    secrets: secrets.yml
    templates:
      tell_me:
        notify_xmpp:
          sender: 'xxx@yyy.zzz'
          password: 'mypassword'
          recipient: some@recipient.xyz
          title: 'something new: {{ title }}'
    tasks:
      test:
        template:
          - tell_me
        trakt_list:
          username: 'xxx'
          password: 'yyy'
          list: test
          type: movies

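
The substitution described above can be reproduced in a few lines of Python. This is an added illustration, not the plugin's own code: the names `SECRET_REF`, `lookup` and `resolve` are hypothetical, the config and secrets are constructed dicts mirroring the sample files, and failing on an undefined secret is this example's choice rather than documented plugin behaviour.

```python
import re

# Matches only placeholders rooted at "secrets", e.g. {{ secrets.xmpp.pwd }}.
# Other templates such as {{ title }} are deliberately left for later rendering.
SECRET_REF = re.compile(r"\{\{\s*secrets\.([A-Za-z0-9_.]+)\s*\}\}")


def lookup(secrets, dotted):
    """Walk the nested secrets mapping along a dotted path."""
    node = secrets
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            # Fail closed: never pass an unresolved template on as a credential.
            raise KeyError(f"secret not defined: secrets.{dotted}")
        node = node[key]
    if isinstance(node, (dict, list)):
        raise KeyError(f"secrets.{dotted} is not a single value")
    return node


def resolve(value, secrets):
    """Recursively replace secrets placeholders in dicts, lists and strings."""
    if isinstance(value, dict):
        return {k: resolve(v, secrets) for k, v in value.items()}
    if isinstance(value, list):
        return [resolve(v, secrets) for v in value]
    if isinstance(value, str):
        return SECRET_REF.sub(lambda m: str(lookup(secrets, m.group(1))), value)
    return value


# Constructed data mirroring the sample secrets.yml and config.yml, as dicts.
SECRETS = {
    "xmpp": {"usr": "xxx@yyy.zzz", "pwd": "mypassword"},
    "a_long": {"time_ago": "xxx", "in_a_galaxy": "yyy"},
}
CONFIG = {
    "templates": {"tell_me": {"notify_xmpp": {
        "sender": "{{ secrets.xmpp.usr }}",
        "password": "{{ secrets.xmpp.pwd }}",
        "title": "something new: {{ title }}",
    }}},
    "tasks": {"test": {"template": ["tell_me"], "trakt_list": {
        "username": "{{ secrets.a_long.time_ago }}",
        "password": "{{ secrets.a_long.in_a_galaxy }}",
    }}},
}

if __name__ == "__main__":
    print(resolve(CONFIG, SECRETS))
```
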
Secrets can also be cached to and loaded from the DB (starting in v2.1.11). From that version, if a secrets file is present in the configuration file, its contents will be cached to the DB and will be accessible via the /secrets/ endpoint in the API.
In order to have the config use the secrets from the DB instead of the file, use "secrets: yes" in the config file instead of the secrets file name. Loading secrets from DB and not the file is recommended when using the WebUI/API secrets.yml file.