Windows 7 - Generating Trellis vault.yml vault_sudoer_passwords?

I’m having trouble figuring out how to generate the encrypted password thing for vault.yml in my trellis config.

I know I managed to get this working before somehow, but now I can’t remember how exactly I did it.

Anyone know what command I can run to get this working on Windows 7?

To be clear, in trellis/group_vars/development/vault.yml there’s a variable vault_sudoer_passwords with an admin entry and an encrypted password/hash thing. I need to generate a new one using a password of my choosing.

At a minimum you need vault_sudoer_passwords to include the user name you’ve entered for the admin_user. As you’ve mentioned, the default name is admin and there typically isn’t a reason to change that name. You have admin in all the right places. So far so good.

The docs for Admin user sudoer password mention that the default password is example_password and you’re wise to want to change from the default. Also from the docs:

The passwords were generated using the python command found here

That link describes how to create the password hash on Linux and OS X, but not Windows. You could google how to make a SHA512 password hash on Windows and copy the hash into vault.yml.

Alternatively you could probably vagrant ssh into your Vagrant VM and create the hash there, using one of the two untested options below:

Option 1 - mkpasswd
The link above shows that you could run (on the VM)
mkpasswd --method=SHA-512
which will prompt you to enter a password and it will spit out a hash for you to copy into vault.yml.

Option 2 - passlib
Install pip package manager for python (on the VM)
sudo apt-get install python-pip

Install passlib python package (might need sudo)
pip install passlib

Run passlib command
python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.encrypt(getpass.getpass()))"

Enter password on the prompt and copy result to vault.yml
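A format check for the hash once it has been copied out of the VM terminal, as an added example that is not part of the original post or of Trellis. The function name `check_sudoer_hash` is hypothetical and the sample values are constructed (structurally valid, not real hashes). It checks the standard crypt(3) SHA-512 layout `$6$[rounds=N$]salt$digest`, which is what `mkpasswd --method=SHA-512` and passlib's `sha512_crypt` emit.

```python
import re

B64 = r"[./0-9A-Za-z]"  # crypt(3) alphabet used for the salt and digest fields
SHA512_CRYPT = re.compile(
    r"\$6\$(?:rounds=(?P<rounds>\d+)\$)?(?P<salt>" + B64 + r"{0,16})\$(?P<digest>" + B64 + r"*)"
)
OTHER_SCHEMES = {"$1$": "MD5-crypt", "$5$": "SHA-256-crypt", "$2a$": "bcrypt",
                 "$2b$": "bcrypt", "$2y$": "bcrypt"}


def check_sudoer_hash(value):
    """Return a list of problems; an empty list means a well-formed SHA-512 crypt string."""
    problems = []
    if value != value.strip():
        problems.append("leading or trailing whitespace")
        value = value.strip()
    if any(ch.isspace() for ch in value):
        return problems + ["embedded whitespace (terminal line wrap?)"]
    if not value.startswith("$6$"):
        scheme = next((n for p, n in OTHER_SCHEMES.items() if value.startswith(p)), None)
        hint = "looks like " + scheme if scheme else "plaintext?"
        return problems + ["not SHA-512 crypt (" + hint + ")"]
    m = SHA512_CRYPT.fullmatch(value)
    if m is None:
        return problems + ["malformed salt or digest field"]
    if m["rounds"] is not None and not 1000 <= int(m["rounds"]) <= 999999999:
        problems.append("rounds outside 1000..999999999")
    if len(m["digest"]) != 86:
        problems.append("digest is %d chars, expected 86 (truncated copy?)" % len(m["digest"]))
    return problems


if __name__ == "__main__":
    # Constructed samples: correct shape only, not hashes of any real password.
    good = "$6$Zx3.kQ9/abCD$" + "A" * 86
    for label, sample in [("good", good), ("truncated", good[:-10]),
                          ("md5", "$1$salt$" + "A" * 22), ("plain", "example_password")]:
        print(label, check_sudoer_hash(sample) or "OK")
```
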

Thank you! I think running the command on the Trellis box is what I was forgetting. I ran it there and it appears to have worked.
