I have been trying to replace my eyaml stored secret with a vault_lookup call to HashiCorp Vault. As far as I can tell, getting the password out of Vault is the easy part.
The password has an exclamation point. I think the command I'm trying to execute via the exec resource type is getting mangled.
$command = Deferred(
'sprints',
["gpg --no-ttp --batch --passphrase '%s' other stuff", $hash_with_one_password],
)
exec { 'call-gpg':
command => $command,
creates => "/path/to/my/file',
}
Is there a way to ensure the password is getting processed despite the presence of the exclamation point? When I stripped the surrounding single quotes, everything that followed the exclamation point was treated as an argument, which is not correct.
Thanks!