Ansible vault transparent encryption revisited

clean_vault

#!/bin/sh

if [ ! -r '.vault_password' ]; then
  exit 1
fi

tmp=`mktemp`
cat > $tmp

ansible-vault encrypt $tmp --vault-password-file=.vault_password > /dev/null 2>&1

cat "$tmp"
rm $tmp

diff_vault

#!/bin/sh

if [ ! -r '.vault_password' ]; then
  exit 1
fi

export PAGER='cat'
CONTENT=`ansible-vault view "$1" --vault-password-file=.vault_password 2> /dev/null`

if echo "$CONTENT" | grep -q 'ERROR: data is not encrypted'; then
  cat "$1"
else
  echo "$CONTENT"
fi

smudge_vault

#!/bin/sh

if [ ! -r '.vault_password' ]; then
  exit 1
fi

tmp=`mktemp`
cat > $tmp

export PAGER='cat'
CONTENT=`ansible-vault view "$tmp" --vault-password-file=.vault_password 2> /dev/null`

if echo "$CONTENT" | grep -q 'ERROR: data is not encrypted'; then
  echo "Looks like one file was commited clear text"
  echo "Please fix this before continuing !"
  exit 1
else
  echo "$CONTENT"
fi

rm $tmp

Nice, though you should echo to grep, and instead of > /dev/null you can simply use grep -q, see https://gist.github.com/kitsmag/6f52b9888f0e82037585

In smudge_vault you are missing " around your $CONTENT variable to preserve newlines.

  echo "$CONTENT"

@kitsmag Thanks, added -q. However, unless I am mistaken, you can not do grep -q 'ERROR: data is not encrypted' $CONTENT. Grep will think the eval'd value of $CONTENT is a filename.
@mblarsen Fixed, thanks !