mirror of
https://github.com/trailofbits/algo.git
synced 2025-04-26 19:14:01 +02:00
Use openssl to generate better quality p12_export_password (#655)
We're already doing it this way for CA_password, and ansible's to_uuid is problematic as it uses uuid v5 under the hood (#654)
This commit is contained in:
parent
8da53f859b
commit
dd43e1e47e
1 changed files with 9 additions and 1 deletions
|
@ -27,9 +27,17 @@
|
||||||
become: no
|
become: no
|
||||||
register: CA_password
|
register: CA_password
|
||||||
|
|
||||||
|
- name: Generate p12 export password
|
||||||
|
local_action:
|
||||||
|
module: shell
|
||||||
|
openssl rand -hex 4
|
||||||
|
become: no
|
||||||
|
register: p12_export_password_generated
|
||||||
|
when: p12_export_password is not defined
|
||||||
|
|
||||||
- name: Define password facts
|
- name: Define password facts
|
||||||
set_fact:
|
set_fact:
|
||||||
easyrsa_p12_export_password: "{{ p12_export_password|default((ansible_date_time.iso8601_basic|sha1|to_uuid).split('-')[0]) }}"
|
easyrsa_p12_export_password: "{{ p12_export_password|default(p12_export_password_generated.stdout) }}"
|
||||||
easyrsa_CA_password: "{{ CA_password.stdout }}"
|
easyrsa_CA_password: "{{ CA_password.stdout }}"
|
||||||
|
|
||||||
- name: Define the commonName
|
- name: Define the commonName
|
||||||
|
|
Loading…
Add table
Reference in a new issue