This library allows you to handle Ansible encrypted vaults.
Here are a couple of examples of how you could use this library.
JavaAnsibleVault uses https://github.com/EsotericSoftware/yamlbeans for serializing/deserializing objects to and from Ansible Vaults. This gives you very convenient ways of handling the vaults from Java.

```java
import java.io.IOException;
import net.wedjaa.ansible.vault.Manager;

// Serialize an object's properties into an encrypted YAML vault.
// 'manager' is a Manager instance held by the enclosing class.
public void createVault(Object someObject, String vaultPassword)
{
    try
    {
        String objectVault = manager.writeToVault(someObject, vaultPassword);
        // objectVault now contains an encrypted YAML vault with the
        // object's properties; store or ship it as needed.
    }
    catch (IOException ex)
    {
        // Something went wrong while creating the vault
    }
}
```

```java
import java.io.IOException;
import net.wedjaa.ansible.vault.Manager;

// Decrypt a vault and deserialize its YAML content into an object.
// 'manager' is a Manager instance held by the enclosing class.
public void readVault(String vault, Class theObjectClass, String vaultPassword)
{
    try
    {
        Object deserializedObject = manager.getFromVault(theObjectClass, vault, vaultPassword);
        // deserializedObject is the object coming out of the vault - cast away!
    }
    catch (IOException ex)
    {
        // Something went wrong while opening and parsing the vault
    }
}
```
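
```java
import java.nio.charset.StandardCharsets;
import net.wedjaa.ansible.vault.crypto.VaultHandler;

// Encrypt raw data into a vault without going through YAML serialization.
// 'logger' and the two streams are supplied by the enclosing class / caller.
public void encryptVault(String data, String vaultPassword)
{
    try
    {
        // Byte array in, byte array out (explicit charset avoids platform defaults)
        byte[] encryptedVault = VaultHandler.encrypt(data.getBytes(StandardCharsets.UTF_8), vaultPassword);
        // Or use streams
        VaultHandler.encrypt(inputClearStream, outputVaultStream, vaultPassword);
    } catch (Exception ex) {
        ex.printStackTrace();
        logger.warn("Failed to create vault: " + ex.getMessage());
    }
}
```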
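
```java
import java.nio.charset.StandardCharsets;
import net.wedjaa.ansible.vault.crypto.VaultHandler;

// Decrypt a vault back into its raw cleartext bytes.
// 'logger' and the two streams are supplied by the enclosing class / caller.
public void decryptVault(String vault, String vaultPassword)
{
    try
    {
        // Byte array in, byte array out (explicit charset avoids platform defaults)
        byte[] decryptedVault = VaultHandler.decrypt(vault.getBytes(StandardCharsets.UTF_8), vaultPassword);
        // Or use streams
        VaultHandler.decrypt(inputVaultStream, outputCleartextStream, vaultPassword);
    } catch (Exception ex) {
        ex.printStackTrace();
        logger.warn("Failed to decrypt vault: " + ex.getMessage());
    }
}
```
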
The library handles only the newest (version 1.1) format of the vaults. It will cry and crash and burn with any previous versions of the vaults.
Ansible uses 256-bit keys to encrypt and decrypt the vaults. This means that in order to handle these vaults you will need to install the unrestricted policy files from Oracle. You have been warned.
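
Both limitations above can be checked before any vault is handed to the library. The following is an added example, not part of JavaAnsibleVault: the class `VaultPreflight` and its method names are hypothetical, and it assumes the vault text starts with Ansible's header line of the form `$ANSIBLE_VAULT;1.1;AES256`. It asks the JVM whether its crypto policy permits 256-bit AES keys and rejects vault headers that are not version 1.1.

```java
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;

/** Added example (hypothetical helper): pre-flight checks before calling the library. */
public class VaultPreflight {

    // First field of the header line Ansible writes at the top of a vault
    private static final String MAGIC = "$ANSIBLE_VAULT";

    /** True when this JVM's crypto policy allows 256-bit AES keys. */
    public static boolean aes256Allowed() throws NoSuchAlgorithmException {
        return Cipher.getMaxAllowedKeyLength("AES") >= 256;
    }

    /** Returns null for a 1.1/AES256 vault, otherwise the reason it is not supported. */
    public static String unsupportedReason(String vaultText) {
        if (vaultText == null || vaultText.isEmpty()) return "empty input";
        // Only the first line is the header; the rest is the hex-encoded body
        String header = vaultText.split("\\r?\\n", 2)[0].trim();
        String[] fields = header.split(";");
        if (fields.length < 3 || !MAGIC.equals(fields[0])) return "missing $ANSIBLE_VAULT header";
        if (!"1.1".equals(fields[1])) return "vault format " + fields[1] + " (only 1.1 is handled)";
        if (!"AES256".equals(fields[2])) return "cipher " + fields[2] + " (expected AES256)";
        return null;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("AES-256 permitted by JVM policy: " + aes256Allowed());
        // Constructed sample inputs; the body line is a placeholder, not a real vault.
        String[] samples = {
            "$ANSIBLE_VAULT;1.1;AES256\n<hex body>",
            "$ANSIBLE_VAULT;1.0;AES\n<hex body>",
            "plain: text\n"
        };
        for (String s : samples) {
            String reason = unsupportedReason(s);
            System.out.println(s.split("\n")[0] + " -> " + (reason == null ? "ok" : reason));
        }
    }
}
```

If `aes256Allowed()` returns false, the policy files mentioned above are missing and encryption or decryption will fail regardless of the password.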