Salt-Stack how to hide password in debug logs

Sam A
Dec 9, 2022

From time to time you need to pass a password to Salt, either to log in to a service or to call a REST API for an operation that requires the password.

The solution I found for this kind of scenario is to use cmd.script.

  1. Add the code below to your init.sls file

    use-password:
      cmd.script:
        - name: use_password.sh
        - template: jinja
        - source: salt:///{{ slspath }}/files/use_password.sh
        - context:
            slspath: {{ slspath }}

2. Add the use_password.sh code below to the files folder

    #!/bin/bash
    {% from slspath + "/secret.sls" import get_secret with context -%}
    {% from slspath + "/config.jinja" import config with context %}
    {%- set rest_api_url = config.rest_api_url %}
    {%- set token_path = config.token_path %}
    {%- set username = get_secret(rest_api_username).strip() %}
    {%- set password = get_secret(rest_api_password).strip() %}
    # curl takes HTTP basic-auth credentials as user:password in a single -u argument
    curl -u "{{ username }}:{{ password }}" -X POST -o {{ token_path }}/token {{ rest_api_url }}

3. Run the salt formula again

salt-call state.apply <module-name> saltenv=<env-name> -l debug
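
To confirm that the run in step 3 kept the password out of the debug output, the captured log can be scanned for the secret in the forms it might take. This is an added example, not code from the original post: the log lines, user name and password are constructed, and `secret_variants` and `find_leaks` are hypothetical helper names.

```python
import base64
import urllib.parse

# Constructed sample data (not real salt-call output); credentials are made up.
USER, SECRET = "apiuser", "S3cr3t/pa55"
BASIC = base64.b64encode(f"{USER}:{SECRET}".encode()).decode()
LEAKY_LOG = (
    "[INFO    ] Executing command 'curl -u apiuser:S3cr3t/pa55 -X POST ...'\n"
    f"[DEBUG   ] stderr: > Authorization: Basic {BASIC}\n"
    "[DEBUG   ] stdout: redirect to /login?pw=S3cr3t%2Fpa55\n"
).encode()
CLEAN_LOG = (
    "[INFO    ] Executing command '/tmp/constructed_script.sh' in directory '/root'\n"
    "[DEBUG   ] stdout: token written\n"
).encode()


def secret_variants(secret, username=""):
    """Return the byte forms in which the secret could surface in a log."""
    raw = secret.encode()
    forms = {
        "plaintext": raw,
        "base64": base64.b64encode(raw),
        "url-encoded": urllib.parse.quote(secret, safe="").encode(),
    }
    if username:
        # `curl -u user:pass` sends base64("user:pass") in the Authorization header.
        forms["basic-auth"] = base64.b64encode(f"{username}:{secret}".encode())
    # Drop encodings identical to the plaintext so one leak is reported once.
    return {n: v for n, v in forms.items() if n == "plaintext" or v != raw}


def find_leaks(log_bytes, secret, username=""):
    """Return (line_number, form) pairs; the secret itself is never echoed."""
    if not secret:
        raise ValueError("an empty secret would match every line")
    forms = secret_variants(secret, username)
    return [
        (lineno, name)
        for lineno, line in enumerate(log_bytes.splitlines(), start=1)
        for name, needle in forms.items()
        if needle in line
    ]


if __name__ == "__main__":
    print("leaky:", find_leaks(LEAKY_LOG, SECRET, USER))
    print("clean:", find_leaks(CLEAN_LOG, SECRET, USER))
```

Pass it the bytes of the captured `-l debug` output, and read the secret from a file or a prompt rather than typing it on the command line.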


Sam A

Senior DevOps Consultant, a tech enthusiast and cloud automation expert that helps companies improve efficiency by incorporating automation