rd keys get


Richard Garforth

Nov 23, 2018, 12:30:05 PM
to rundeck-discuss
Hi,

How can I use the rd command to access passwords stored in the Keystore? I can get keys out but not passwords.

rd keys get -p keys/mysql/root/
Requested path (keys/mysql/root/) is not a public key. Type: password

But if I have a key, I can extract it as you would expect:

rd keys get -p keys/git

ssh-rsa AAAAB3NzaCXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ... FbSp4QaMFTeZeNgz1bPlzbTLTfVl3

Is this possible?

I could wrap the job and pass option variables, but I think this is messy as it leaves the job page with quite a few boxes that don't accept input.

Thanks

rac...@rundeck.com

Nov 24, 2018, 10:45:36 AM
to rundeck-discuss
Hey Richard!

rd keys get -p <yourkey> only works with public keys, not with passwords or private keys.

You can see this in the documentation:


You can create a job that gets the password value in an option and prints it with echo, and call it using the Rundeck CLI with:

rd run -f -j <yourjob> -p <yourproject>

Here is an example job:

<joblist>
  <job>
    <context>
      <options preserveOrder='true'>
        <option name='password' secure='true' storagePath='keys/pass/mypass' valueExposed='true' />
      </options>
    </context>
    <defaultTab>summary</defaultTab>
    <description></description>
    <executionEnabled>true</executionEnabled>
    <id>d5e8362a-b7de-4a06-b70d-858b75712058</id>
    <loglevel>INFO</loglevel>
    <name>myjob</name>
    <nodeFilterEditable>false</nodeFilterEditable>
    <scheduleEnabled>true</scheduleEnabled>
    <sequence keepgoing='false' strategy='node-first'>
      <command>
        <exec>echo ${option.password}</exec>
      </command>
    </sequence>
    <uuid>d5e8362a-b7de-4a06-b70d-858b75712058</uuid>
  </job>
</joblist>

Hope it helps!
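
Added example, not part of the reply above and not Rundeck's own code: a job of this shape prints the stored password into the execution output, so this sketch scans exported job XML for steps that expand a secure, Key Storage backed option marked valueExposed='true'. The second job (quietjob, sshpass, keys/pass/other) is constructed, and the `script`/`scriptargs` elements and the `@option.NAME@` token form are assumed from Rundeck's job XML conventions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the posted job (trimmed) plus a hypothetical second job.
SAMPLE_JOBS = """<joblist>
  <job>
    <name>myjob</name>
    <context><options preserveOrder='true'>
      <option name='password' secure='true' storagePath='keys/pass/mypass' valueExposed='true' />
    </options></context>
    <sequence keepgoing='false' strategy='node-first'>
      <command><exec>echo ${option.password}</exec></command>
    </sequence>
  </job>
  <job>
    <name>quietjob</name>
    <context><options>
      <option name='sshpass' secure='true' storagePath='keys/pass/other' />
    </options></context>
    <sequence><command><exec>uptime</exec></command></sequence>
  </job>
</joblist>"""

STEP_TAGS = ("exec", "script", "scriptargs")  # step elements that carry text


def find_exposed_secrets(joblist_xml):
    """Return (job, option, storagePath, step) for steps that expand an exposed secret."""
    findings = []
    for job in ET.fromstring(joblist_xml).iter("job"):
        exposed = {
            o.get("name"): o.get("storagePath")
            for o in job.iter("option")
            if o.get("secure") == "true" and o.get("valueExposed") == "true"
            and o.get("storagePath")
        }
        for node in job.iter():
            if node.tag not in STEP_TAGS or not node.text:
                continue
            for opt, path in exposed.items():
                # ${option.NAME} in commands, @option.NAME@ in inline scripts
                name = re.escape(opt)
                if re.search(r"\$\{option\.%s\}|@option\.%s@" % (name, name), node.text):
                    findings.append((job.findtext("name"), opt, path, node.text.strip()))
    return findings


if __name__ == "__main__":
    print(find_exposed_secrets(SAMPLE_JOBS))
```

Each finding names a job whose execution log, and anyone allowed to read it, should be treated as holding the secret at that storage path.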

Richard Garforth

Nov 26, 2018, 9:46:35 AM
to rundeck-discuss
Thanks.

I'll give the workaround a try. Would be nice, though, if we could extract all secrets from the key store, not just public keys (with suitable authorization).

Richard