Ansible Vault w/macOS Keychain
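#!/usr/bin/env bash
# Environment setup for Ansible Vault: exports the path of the helper script
# that Ansible runs to obtain the vault password.

# $USER
# Prefer the login name and fall back to the effective user when logname
# fails or prints nothing. The earlier form tested the output of a command
# whose stdout was sent to /dev/null, so the test was always false and
# whoami was always used.
logged_in_user=$(logname 2>/dev/null) || logged_in_user=""
[[ -n $logged_in_user ]] || logged_in_user=$(whoami)

# $UID
# logged_in_uid=$(id -u "${logged_in_user}")

# $HOME
# Tilde expansion of a name held in a variable needs eval, so eval only sees
# a value made of plain account-name characters. Anything else falls back to
# $HOME instead of being evaluated as shell code.
if [[ $logged_in_user =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]]; then
  logged_in_home=$(eval echo "~${logged_in_user}")
else
  logged_in_home=$HOME
fi

# also symlinked to ~/.local/bin/unlock-vault
# Ansible executes this file to get the vault password, so the file and its
# parent directory should be writable only by the owning user.
export ANSIBLE_VAULT_PASSWORD_FILE="${logged_in_home}/.ansible/unlock_vault.sh"

# NOTE(review): '*' disables proxy use for every host in tools that honour
# no_proxy, and it is inherited by every process started from this shell.
# Confirm that bypassing an egress proxy everywhere is intended.
export no_proxy='*'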
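#!/usr/bin/env bash
# Prints the Ansible vault password stored in the macOS keychain.
# A vault password script hands the password to Ansible on stdout, so the
# diagnostics below go to stderr.

# $USER
# Prefer the login name and fall back to the effective user when logname
# fails or prints nothing. The earlier form tested the output of a command
# whose stdout was sent to /dev/null, so whoami was always used.
logged_in_user=$(logname 2>/dev/null) || logged_in_user=""
[[ -n $logged_in_user ]] || logged_in_user=$(whoami)

# check os
if [[ $(uname) != "Darwin" ]]; then
  echo "This script is for macOS only." >&2
  exit 1
fi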
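#######################################
# Prompt for the vault password and store it as a generic-password item
# named "ansible-vault" in the keychain.
# Globals:   logged_in_user (read) - account name recorded on the item
# Arguments: none
# Outputs:   prompt and diagnostics on stderr; nothing on stdout
# Returns:   status of `security add-generic-password`, or 1 when no
#            password was entered
#######################################
add_keychain_password() {
  local mypass

  # -r keeps backslashes in the password literal; IFS= keeps leading and
  # trailing whitespace. Without them the stored secret can differ from
  # what was typed.
  IFS= read -r -s -p "Enter ansible vault password: " mypass || return 1
  # read -s does not echo the newline the user typed.
  printf '\n' >&2

  if [[ -z $mypass ]]; then
    echo "Empty password; nothing stored." >&2
    return 1
  fi

  # NOTE(review): -w "$mypass" puts the secret on the command line of
  # `security`, where other local processes can see it in the process list
  # while the command runs. security(1) documents giving -w last without a
  # value so the tool prompts for the password itself; consider that form.
  #
  # NOTE(review): -T /usr/bin/security lets that binary read the item
  # without a confirmation dialog, so any process running as this user can
  # fetch the vault password through it. Confirm that trade-off is intended.
  security add-generic-password \
    -a "$logged_in_user" \
    -s "ansible-vault" \
    -w "$mypass" \
    -T "/usr/bin/security"
}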
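#######################################
# Make sure an "ansible-vault" keychain item exists for the user, asking
# for a password to store when the lookup fails.
# Globals:   logged_in_user (read)
# Arguments: none
# Outputs:   diagnostics on stderr; nothing on stdout
# Returns:   0 when the item is readable, otherwise the status of
#            add_keychain_password
#######################################
check_app_password() {
  # Existence probe only: both streams are discarded so the secret is never
  # held in a shell variable. Any non-zero status is treated as "no item",
  # which also covers a lookup that failed for another reason.
  if ! security find-generic-password \
    -a "$logged_in_user" \
    -s "ansible-vault" -w >/dev/null 2>&1; then
    # Goes to stderr: when this script is used as a vault password file,
    # Ansible takes stdout as the password, so a message printed there
    # would be mixed into it.
    echo "No password found in keychain. " >&2
    add_keychain_password
  fi
}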
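#######################################
# Write the stored vault password to stdout.
# Globals:   logged_in_user (read)
# Arguments: none
# Outputs:   the password of the "ansible-vault" keychain item on stdout
# Returns:   status of `security find-generic-password`
#######################################
print_vault_password() {
  # Quoted so an account name containing whitespace or glob characters
  # stays a single argument to -a.
  security find-generic-password \
    -a "$logged_in_user" \
    -s "ansible-vault" -w
}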
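#######################################
# Entry point: make sure the keychain item exists, then print the password.
# Arguments: none
# Outputs:   the vault password on stdout
# Returns:   non-zero when the item could not be created or read
#######################################
main() {
  # Stop here when no password could be stored, so nothing is printed.
  check_app_password || return
  print_vault_password
}

# The script exits with main's status. An unconditional `exit 0` would
# report success to the caller even when no password was printed.
main "$@"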