For many opsi user opsi-admin provides the go-to tool for scripting and even regular work on their system. Usually this makes use of the -d argument in order to not get asked for a password. But what if you want to go through the webservice instead - you don't want to use -d.

One reason for this might be that you want to have logs about what happened. You still can configure opsi-admin to write logs to a location of your choice but you have to think about this every time.

One thing that probably bug you is that you want to go through the webservice but the requirement to type in a password could be an annoyance. The options you have is that you use --password but this means that the password may be visible in the process list. Various other means of passing the password to the prompt may help but this would also mean that you may have to edit a whole lot of scripts if you ever change the password.

For sure you could whip out your favourite programming language and create scripts to do all your tasks but this might end up as not being as flexible and sometimes even overkill if one simple call is all you need.

To make your - and our - live a little bit easier there is now the possibility of providing credentials in a specific file we call opsirc. This file may contain username, password and address in order to have an easy way to benefit from going through the webservice while scripting - or just making use of the webservice by default.

An example might look like this:

username = grace
password = sundown
address = https://opsi.casa.hanson:4447/rpc

Save the contents at ~/.opsi.org/opsirc and opsi-admin (4.1.1.30 or newer) will pick the information up and use it for an connection. You can now run an command like opsi-admin method backend_info without the need to enter a password.

The opsirc file is kept simple so that other tools have the possibility to make use of this aswell. None of the lines are mandatory. A minimum usable example would be only providing a password in the file. And it is possible to save the password in a separate file by using the key password file and the path to the file as value. This makes it possible to show the file to others without presenting your password in plain view.

I hope this makes everyones live a little bit easier!