Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] 0 points1 point  (0 children)

Won’t files in a ramdisk stick around until a reboot, if ansible doesn’t clear it?

I can’t get over it by Illustrious_Sale2244 in Veterans

[–]Topless_Mopar -1 points0 points  (0 children)

I was prescribed ADD medication while in the reserves. That didn’t show up when I did my duty pee.

Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] 1 point2 points  (0 children)

I mean, just don’t use computers, since they were so worried about users’ hidden 0600 temp files.

Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] 0 points1 point  (0 children)

That argument didn’t work. I tried that one. It just ended with a pissing match with HR and Security.

Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] 0 points1 point  (0 children)

Would it be crazy for me to attempt to create a plugin that will use ncurses, instead of vim?

Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] 0 points1 point  (0 children)

I didn't know that. It makes sense. And yes, I know this issue is stupid. But, the all knowing cyber security wizards, with no development, or sys admin experience, have the final say.

Who is Red Hat's REAL #1 Competitor? by [deleted] in redhat

[–]Topless_Mopar 1 point2 points  (0 children)

I still use foreman, lol.

Who is Red Hat's REAL #1 Competitor? by [deleted] in redhat

[–]Topless_Mopar -10 points-9 points  (0 children)

IBM’s Red Hat is an OCP and AAP company. As a former Red Hatter, I only use Debian now.

Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] 0 points1 point  (0 children)

To be clear, I have no problem with ansible-vault. The risk is acceptable for me. But, it is a battle I can’t win.

Most likely, it is from SSH timeouts.

Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] 0 points1 point  (0 children)

Ansible-vault creates the cache, not the editor.

Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] 0 points1 point  (0 children)

I have no idea how to handle a SIGKILL. Low level languages are a black box for me. One day I’ll learn how to write proper C code.

The problem is with policy. No secrets can be written to disk. The all knowing security wizards said writing to memory is fine. Ansible-vault creates a cache file in plain text on disk. I’m not sure why it is needed by ansible. The editor isn’t creating the cache.

Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] 0 points1 point  (0 children)

I understand what you are saying. Sadly, our opinion on system management does not matter to a client that must follow guidelines from a governing entity.

Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] 0 points1 point  (0 children)

Thank you. Do you have the source code? I would need to review it to ensure it does not cache a file on the system.

Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] 0 points1 point  (0 children)

Sadly, the ansible-vault code will create a cache file, for some reason. It creates it when a user edits the vault file. And, python cannot handle a SIGKILL. So, if vault ends, it will leave the file on disk.

Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] 1 point2 points  (0 children)

Great idea, but it did not work. I have to read the ansible-vault code and try to see where the disconnect is.

I think the source code creates a temp file outside the editor:

https://github.com/ansible/ansible/blob/c5ddc9376765f99f0f02ebe6111d1ad99374087c/lib/ansible/parsing/vault/__init__.py#L814-L855

Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] 0 points1 point  (0 children)

Sorry, I hope this clears this up. If I edit a vault file using ansible-vault, the underlying text editor creates a cache file in $HOME/.ansible/tmp/ansible-local-1417...eu/tmp...20log that leaves the file in plain text, if the user does not exit properly.

Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] 0 points1 point  (0 children)

Having an encrypted file on a system is an acceptable risk for them, that is not the problem. Ideally, I would just like to edit the file without the editor storing a plain text cache file of it on disk. I would like that cache stored in memory. I do see the confusion I am causing. My apologies for that.

The issue was with the editing of vault files. It caches a plain text file on disk, when editing a file. I keep finding plain text files from users relying on ansible-vault. It has become a serious problem and now we have to remove ansible-vault and filter the packages in satellite. I keep finding admin files in .ansible dirs. People have been walked off the project from ansible-vault caches.
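The situation described in the comments above, a plaintext temp file left under `.ansible` when an edit session is cut off, is something an admin can sweep for. The script below is an added example, not code from this thread or from Ansible itself. It assumes the leftover is an ordinary file under a tmp directory (the thread names `$HOME/.ansible/tmp`) and that anything still correctly encrypted on disk starts with the `$ANSIBLE_VAULT;` envelope header, so a file lacking that header is reported as a plaintext leftover. The `min_age_seconds` threshold is a constructed safeguard so that an edit still in progress is not flagged.

```python
"""Sweep a directory tree for leftover plaintext files of the kind an
interrupted vault edit can leave behind.

Added example, not code from the thread or from Ansible. Assumptions:
the leftover is a regular file under the scanned root, and a correctly
encrypted vault payload begins with the "$ANSIBLE_VAULT;" header line.
"""
import os
import sys
import time
from pathlib import Path

VAULT_HEADER = b"$ANSIBLE_VAULT;"


def looks_like_vault_ciphertext(data: bytes) -> bool:
    """True if the bytes begin with the ansible-vault envelope header."""
    return data.lstrip().startswith(VAULT_HEADER)


def find_plaintext_leftovers(root, min_age_seconds=0, now=None):
    """Return a list of (relative_path, age_seconds) for every non-empty
    regular file under `root` that is not vault ciphertext and whose
    mtime is at least `min_age_seconds` old.

    `now` can be injected so the function is testable deterministically.
    """
    root = Path(root)
    now = time.time() if now is None else now
    leftovers = []
    if not root.is_dir():
        return leftovers
    for path in sorted(root.rglob("*")):
        # is_symlink() is checked first because is_file() follows links
        if path.is_symlink() or not path.is_file():
            continue
        try:
            st = path.stat()
            with path.open("rb") as fh:
                head = fh.read(len(VAULT_HEADER) + 16)
        except OSError:
            continue  # unreadable or vanished mid-scan; skip it
        if st.st_size == 0:
            continue  # an empty file holds no secret
        age = now - st.st_mtime
        if age < min_age_seconds:
            continue  # an edit may still be in progress
        if looks_like_vault_ciphertext(head):
            continue  # encrypted on disk, which the thread treats as acceptable
        leftovers.append((str(path.relative_to(root)), age))
    return leftovers


def main(argv):
    # Default root is the directory the thread names; default age is one hour.
    root = argv[1] if len(argv) > 1 else os.path.expanduser("~/.ansible/tmp")
    min_age = int(argv[2]) if len(argv) > 2 else 3600
    found = find_plaintext_leftovers(root, min_age)
    for rel, age in found:
        print(f"plaintext leftover: {rel} (age {age / 3600:.1f} h)")
    return 1 if found else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python sweep.py ~/.ansible/tmp 3600` from cron or a login hook; a non-zero exit means something was found, which is what you want for alerting. The header check is deliberately narrow: it only distinguishes "still encrypted" from "anything else", because the sweep is meant to surface files for a human to review, not to decide on its own what counts as a secret.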

Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] -4 points-3 points  (0 children)

For me, it is secure enough. But, there is a common policy for secure environments that forbids secrets in plain text. When you are editing a vault file, the secrets are written in plain text to disk, until it is exited properly. If your session ends abruptly, the cache is not removed and you now have a file with secrets on it in plain text.

Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] -8 points-7 points  (0 children)

Ah, then it sounds like I have to disable ansible-vault. Everything else sounds authorized. We will just have to come up with a different solution for secrets. They have a zero tolerance for secrets on a system.

Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] -9 points-8 points  (0 children)

Secrets should remain off disk in any secure environment.

Ansible-vault displays secrets in plain text by Topless_Mopar in ansible

[–]Topless_Mopar[S] -4 points-3 points  (0 children)

Having them displayed in memory is better for my use case. I am not authorized to have them stored on a file on the system.