Skip to content

An Ansible action plugin to perform ansible-vault encrypt/decrypt operations inside a playbook. Can use either user-provided id/pass, or can use already-loaded vault secrets.

License

Notifications You must be signed in to change notification settings

dseeley/ansible_vault_pipe

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Ansible Collection - dseeley.ansible_vault_pipe

An Ansible action plugin to perform vault encrypt/decrypt operations inside a playbook. Can use either user-provided id/pass, or can use already-loaded vault secrets.

parameters:

  • action: [encrypt|decrypt]
  • vaultid: The vault-id if this is (or will be) associated with one. (optional)
  • vaultpass: The vault password (the current password for action: decrypt, the desired for action: encrypt). If this is not provided, will attempt to use the already-loaded secrets (command-line or vault script).
  • vaulttext: (decrypt-only) the vault text to be decrypted
  • plaintext: (encrypt-only) the plain text to be encrypted
  • multiline_out: (encrypt-only) whether to break the encrypted ciphertext into 80-character lines (as ansible-vault encrypt does). Default: false

Execution

- name: Encrypt using user-provided vaultid and vaultpass
  dseeley.ansible_vault_pipe.ansible_vault_pipe:
    action: encrypt
    vaultid: sandbox
    vaultpass: asdf
    plaintext: "sometext"
  register: r__ansible_vault_encrypt
- debug: msg={{r__ansible_vault_encrypt}}

- name: Decrypt using user-provided vaultid and vaultpass
  dseeley.ansible_vault_pipe.ansible_vault_pipe:
    action: decrypt
    vaultid: sandbox
    vaultpass: asdf
    vaulttext: "$ANSIBLE_VAULT;1.2;AES256;sandbox\n303562383536366435346466313764636533353438653463373765616365623130333633613139326235633064643338316665653531663030643139373131390a323233356239303864343336663238616535386638646566623036383130643638373465646331316664636564376161376137623432616561343631313262620a3561656131353364616136373866343963626561366236653538633734653165"
  register: r__ansible_vault_decrypt
- debug: msg={{r__ansible_vault_decrypt}}

- name: Encrypt using already-loaded vault secrets (from command-line, ansible.cfg etc)
  dseeley.ansible_vault_pipe.ansible_vault_pipe:
    action: encrypt
    multiline_out: true
    plaintext: "sometext"
  register: r__ansible_vault_encrypt
- debug: msg={{r__ansible_vault_encrypt}}

- name: Decrypt using already-loaded vault secrets (from command-line, ansible.cfg etc)
  dseeley.ansible_vault_pipe.ansible_vault_pipe:
    action: decrypt
    vaulttext: "$ANSIBLE_VAULT;1.2;AES256;sandbox\n303562383536366435346466313764636533353438653463373765616365623130333633613139326235633064643338316665653531663030643139373131390a323233356239303864343336663238616535386638646566623036383130643638373465646331316664636564376161376137623432616561343631313262620a3561656131353364616136373866343963626561366236653538633734653165"
  register: r__ansible_vault_decrypt
- debug: msg={{r__ansible_vault_decrypt}}

About

An Ansible action plugin to perform ansible-vault encrypt/decrypt operations inside a playbook. Can use either user-provided id/pass, or can use already-loaded vault secrets.

Resources

License

Stars

Watchers

Forks

Packages

No packages published