This operation will derive an operational Vault token based on any environmental hints that aomi supports. The various mechanisms which aomi will use for authentication are described under operations. Both the
--lease options are supported.
This action can be used to easily change passwords. It can operate on both userpass users and generic secrets paths. It will ask for the password (and a confirmation). Optionally, you may pass in a password via stdin.
To modify a users password you would invoke the following
aomi set_password user:foo Enter Password: Again, Please:
You can also modify passwords stored in arbitary Vault paths (in this example using stdin).
aomi set_password foo/pass <<< "1234"
This action is used to render the
Secretfile. It respects the
--extra-vars-file options in the same way as the
seed operation. This operation takes a minimum of one argument, the directory to write the rendered
Secretfile (and accoutrement) to.
$ aomi render /tmp/rendered
The output will be written to the specified directory, with the following structure.
Secretfilewill be at the directory root
- Policies will be found in a directory named
- AWS inline roles will be found in a directory named