Ansible Vault w/macOS Keychain
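#!/usr/bin/env bash
# Environment for Ansible Vault: points ANSIBLE_VAULT_PASSWORD_FILE at the
# unlock script under the logged-in user's home directory.
# Presumably meant to be sourced, since it only exports variables.

# $USER
# Test logname's result instead of output that was sent to /dev/null: with the
# redirect inside the substitution the -n test could never be true, so whoami
# was always used and logname was never consulted.
logged_in_user=$(logname 2>/dev/null) || logged_in_user=''
[[ -n "$logged_in_user" ]] || logged_in_user=$(whoami)

# $UID
# logged_in_uid=$(id -u "${logged_in_user}")

# $HOME
# Tilde expansion of a name held in a variable needs eval, so the name is
# checked against a plain account-name pattern first; anything else falls
# back to $HOME instead of being handed to eval.
if [[ "$logged_in_user" =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]]; then
  logged_in_home=$(eval echo "~${logged_in_user}")
else
  logged_in_home=${HOME:-}
fi

# also symlinked to ~/.local/bin/unlock-vault
# Ansible runs this file to obtain the vault password, so it should be
# writable by its owner only.
export ANSIBLE_VAULT_PASSWORD_FILE="${logged_in_home}/.ansible/unlock_vault.sh"

# Bypasses any configured proxy for every host; the reason is not stated here.
export no_proxy='*'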
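#!/usr/bin/env bash
# Prints the Ansible vault password stored in the macOS keychain under the
# service name "ansible-vault". Ansible reads a password script's stdout as
# the password, so every diagnostic in this file belongs on stderr.

# $USER
# Test logname's result instead of output that was sent to /dev/null: with the
# redirect inside the substitution the -n test could never be true, so whoami
# was always used and logname was never consulted.
logged_in_user=$(logname 2>/dev/null) || logged_in_user=''
[[ -n "$logged_in_user" ]] || logged_in_user=$(whoami)

# check os
if [[ "$(uname)" != "Darwin" ]]; then
  echo "This script is for macOS only." >&2
  exit 1
fi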
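#######################################
# Prompt for the vault password and store it as a generic-password item.
# Globals:   logged_in_user (read) - keychain account name
# Outputs:   prompt and errors on stderr; nothing on stdout
# Returns:   1 on empty input, otherwise the status of `security`
#######################################
add_keychain_password() {
  local mypass
  # IFS= and -r keep the secret exactly as typed: without them backslashes
  # are interpreted and leading/trailing whitespace is stripped.
  IFS= read -r -s -p "Enter ansible vault password: " mypass
  # -s suppresses the echoed newline; finish the prompt line on stderr.
  printf '\n' >&2
  if [[ -z "$mypass" ]]; then
    echo "Empty password; nothing stored." >&2
    return 1
  fi
  # NOTE(review): -w "$mypass" places the secret on the command line, where
  # other local processes can see it while `security` runs. security(1) can
  # prompt for the value itself when -w is given last with no argument;
  # confirm on the target macOS version before switching.
  # NOTE(review): -T adds /usr/bin/security to the item's access list, so any
  # process running as this user can later read the secret through the
  # security CLI without a keychain prompt.
  security add-generic-password \
    -a "$logged_in_user" \
    -s "ansible-vault" \
    -w "$mypass" \
    -T "/usr/bin/security"
}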
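#######################################
# Make sure a vault password item exists, offering to create one if not.
# Globals:   logged_in_user (read) - keychain account name
# Outputs:   diagnostics on stderr only; stdout stays reserved for the
#            password, which Ansible reads from this script's stdout
# Returns:   0 if the lookup succeeds, else add_keychain_password's status
#######################################
check_app_password() {
  # Only the exit status matters here; the secret and any error text are
  # discarded instead of being captured into a shell variable.
  if security find-generic-password \
    -a "$logged_in_user" \
    -s "ansible-vault" -w >/dev/null 2>&1; then
    return 0
  fi
  # NOTE(review): any lookup failure lands here, not only a missing item
  # (a locked keychain or denied access would too).
  echo "No password found in keychain. " >&2
  add_keychain_password
}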
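#######################################
# Write the stored vault password to stdout.
# Globals:   logged_in_user (read) - keychain account name
# Outputs:   the password on stdout (-w prints only the secret)
# Returns:   the status of `security find-generic-password`
#######################################
print_vault_password() {
  # Quoted so an account name with spaces or glob characters stays one word.
  security find-generic-password \
    -a "$logged_in_user" \
    -s "ansible-vault" -w
}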
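#######################################
# Entry point: ensure the keychain item exists, then print the password.
# Returns:   non-zero as soon as either step fails, so a failed check is
#            not followed by a second, certain-to-fail lookup
#######################################
main() {
  check_app_password || return
  print_vault_password
}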
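# Exit with main's status rather than a fixed 0, so a failed keychain lookup
# is reported to the caller instead of looking like success with empty output.
main
exit "$?"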
Inspo via Using Mac keychain to store and retrieve Ansible vault passwords · sandipb.net