The Model Designer UI supports passing a private key to enable automated encryption of secrets.yml during the Salt Master node .iso file generation.
To enable all secrets encryption in the Model Designer UI:
Generate a private PGP key locally. For example:
mkdir -p ~/mcp-temp-gpg-key ; cd ~/mcp-temp-gpg-key
cat <<EOF > gpg-batch.txt
Key-Type: 1
Key-Length: 4096
Expire-Date: 0
Name-Real: gpg-demo.com
Name-Email: saltmasterdemo@example.com
EOF
export GNUPGHOME="$(pwd)/gpghome" ; mkdir -p gpghome ; chmod 0700 gpghome
gpg --gen-key --batch < gpg-batch.txt
gpg --export-secret-key -a saltmasterdemo@example.com > gpgkey.asc
gpg --list-secret-keys
Copy the generated private PGP key:
cat gpgkey.asc
Example of system response:
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1
lQcYBFyKM7kBEADGU6P/Lp9YRMY/vLw7VOF5Sox1rnu2lz6YqnNQ2J+ZHVlPA9R
........
Proceed with the metadata model generation as described in Define the deployment model. While generating the metadata model, enable the following parameters:
Proceed to the metadata model generation.
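Before pasting the contents of gpgkey.asc into the UI, it is worth confirming that the export is a complete armored private key block and that neither the file nor GNUPGHOME is readable by other local users. The following script is an added example, not part of the original procedure; the function name check_key_export and the choice of checks are assumptions.

```shell
#!/bin/sh
# Added example (not from the original procedure): sanity checks on the
# exported private key before it is pasted into the Model Designer UI.
# check_key_export is a hypothetical helper name.

# Usage: check_key_export <exported key file> <GNUPGHOME directory>
# Returns 0 if every check passes; otherwise prints reasons to stderr, returns 1.
check_key_export() {
    keyfile="$1"
    homedir="$2"
    rc=0

    if [ ! -s "$keyfile" ]; then
        echo "FAIL: $keyfile is missing or empty" >&2
        return 1
    fi

    # The first and last non-empty lines must be the private key armor markers.
    # A missing END line means the export or the copy was cut short.
    first=$(grep -v '^[[:space:]]*$' "$keyfile" | head -n 1)
    last=$(grep -v '^[[:space:]]*$' "$keyfile" | tail -n 1)
    [ "$first" = "-----BEGIN PGP PRIVATE KEY BLOCK-----" ] || {
        echo "FAIL: $keyfile is not an armored private key block" >&2; rc=1; }
    [ "$last" = "-----END PGP PRIVATE KEY BLOCK-----" ] || {
        echo "FAIL: $keyfile has no END line (truncated armor)" >&2; rc=1; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    # They must all be clear for the key file and for GNUPGHOME.
    for path in "$keyfile" "$homedir"; do
        bits=$(ls -ld "$path" | cut -c5-10)
        [ "$bits" = "------" ] || {
            echo "FAIL: $path is accessible to group or other" >&2; rc=1; }
    done

    return $rc
}

# Run the checks when called with both arguments, for example:
#   sh check-key.sh gpgkey.asc "$GNUPGHOME"
if [ "$#" -ge 2 ]; then
    check_key_export "$1" "$2"
fi
```

With a default umask the redirect in the export step usually creates gpgkey.asc with mode 0644, so the permission check fails until chmod 0600 gpgkey.asc is applied.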