From ad12e965b2bcf74ae7b02f547672aab2444c1149 Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Mon, 20 Dec 2021 20:12:04 +0000 Subject: [PATCH] Mention how to prevent having to type your password in each time --- content/posts/ansible-vault-bitwarden.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/content/posts/ansible-vault-bitwarden.md b/content/posts/ansible-vault-bitwarden.md index aedcfba..92baf11 100644 --- a/content/posts/ansible-vault-bitwarden.md +++ b/content/posts/ansible-vault-bitwarden.md 
@@ -69,6 +69,14 @@ So now, when deploying with Ansible, rather than reading the vault password from [My diff](https://github.com/RealOrangeOne/infrastructure/commit/9e473265a530807a5123c3f7f3d99736aca2e35a) +### Password caching + +In this setup, Bitwarden will prompt you for your master password every time you run Ansible. For most, that's not a massive issue, but for some that could get quite annoying. + +That thing I mentioned before, the ["session key"](https://bitwarden.com/help/article/cli/#using-a-session-key), this is where that comes in. The session key allows Bitwarden to access its credentials without prompting you for your password each time. It works by setting a `$BW_SESSION` environment variable, which future command line invocations can read and unlock the database with. + +To configure this, run `bw unlock`. This will prompt you for your master password, and then display a session key environment variable to set. If you set this in the same terminal you run Ansible from, it won't prompt you for your master password any more, as ansible helpfully passes through all environment variables into the relevant password file script. + ## What about the become password? You probably shouldn't run Ansible as root, for the same reasons you shouldn't run many things as root. Given Ansible uses SSH, that would require SSH to be open to `root` anyway, which is also a bad idea. Instead, Ansible has [`become`](https://docs.ansible.com/ansible/latest/user_guide/become.html), which can use `sudo` to change user as part of individual tasks and roles.
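Review bot: The third added paragraph ("To configure this, run `bw unlock`...") tells the reader to set the session key in their terminal but says nothing about how long it stays valid or how to get rid of it. The second paragraph already states that future command line invocations can read `$BW_SESSION` and unlock the database with it, and the third notes that Ansible passes all environment variables through to the password file script. The same is true of every other process started from that shell, so the section should say that the variable belongs only in the terminal used for the deployment (not in a shell profile) and that running `bw lock` or closing the terminal ends the session. It would also help to show the line the reader is expected to run, for example `export BW_SESSION="<key printed by bw unlock>"`, rather than only describing it. Minor style point in the same paragraph: "ansible helpfully passes through" should be capitalised as "Ansible" to match the rest of the post.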