Created
October 2, 2017 05:22
Ansible Vault - Encrypt / Decrypt files
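#!/bin/sh
# Encrypt (-e) or decrypt (-d) Ansible variable files under host_vars/ and
# group_vars/ with ansible-vault. Run it from the repository root.
#
#   -e  encrypt every file whose content matches 'pass|token'
#   -d  decrypt every file whose content matches 'ANSIBLE_VAULT'
#
# Exits non-zero when any file could not be processed, so a caller that runs
# "-e" before a commit does not mistake a failed encryption for success and
# commit plaintext secrets.
#
# NOTE(review): file selection for -e is a content heuristic. Secrets stored
# under other key names (for example "secret" or "key") are NOT picked up and
# stay in plaintext; review the repository before relying on this alone.
# After "-d" the working tree holds decrypted secrets until "-e" is run again.

# "~" is not expanded by the shell inside double quotes, so build the path
# from $HOME. Keep this file outside the repository and readable only by its
# owner.
VAULT_PASSWORD="${HOME}/scripting/ansible_vault_pass"

# Print a message on stderr and abort with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# vault_dir ACTION DIR PATTERN LABEL
# Run "ansible-vault ACTION" on every regular file below DIR whose content
# matches the extended regex PATTERN. LABEL is only used in progress output.
# Returns non-zero if ansible-vault failed for at least one file.
# File names are handed over as arguments by find, never word-split, so paths
# containing spaces or glob characters are processed correctly.
vault_dir() {
  if [ ! -d "$2" ]; then
    printf '     * Skipping %s (directory not found)\n' "$2" >&2
    return 0
  fi
  find "$2" -type f -exec sh -c '
    action=$1
    pattern=$2
    label=$3
    shift 3
    rc=0
    for f do
      grep -qE -e "$pattern" -- "$f" || continue
      printf "     * %s file: %s\n" "$label" "$f"
      # Remember the failure but keep going so every file is attempted.
      ansible-vault "$action" "$f" || rc=1
    done
    exit "$rc"
  ' sh "$1" "$3" "$4" {} +
}

# Point ansible-vault at the password file, refusing to continue without it:
# otherwise every encrypt/decrypt call below would fail or prompt.
enable_vault() {
  [ -r "$VAULT_PASSWORD" ] ||
    die "Vault password file not readable: $VAULT_PASSWORD"
  export ANSIBLE_VAULT_PASSWORD_FILE="$VAULT_PASSWORD"
}

[ $# -gt 0 ] || die "Error parsing arguments. Use -e to encrypt or -d to decrypt"

case "$1" in
  -e)
    echo "Start securing repository data before any commit"
    echo "   * Enable vault with password from $VAULT_PASSWORD"
    enable_vault
    status=0
    echo "   * Encrypt data files in host_vars with password"
    vault_dir encrypt host_vars/ 'pass|token' Encode || status=1
    echo "   * Encrypt data files in group_vars with password"
    vault_dir encrypt group_vars/ 'pass|token' Encode || status=1
    [ "$status" -eq 0 ] ||
      die "Encryption failed for at least one file; do not commit until this is fixed"
    exit 0
    ;;
  -d)
    echo "Start decrypting repository data before any edition"
    echo "   * Decrypt vault with password from $VAULT_PASSWORD"
    enable_vault
    status=0
    echo "   * Decrypt data files in host_vars with password"
    vault_dir decrypt host_vars/ 'ANSIBLE_VAULT' Decode || status=1
    echo "   * Decrypt data files in group_vars with password"
    vault_dir decrypt group_vars/ 'ANSIBLE_VAULT' Decode || status=1
    [ "$status" -eq 0 ] || die "Decryption failed for at least one file"
    exit 0
    ;;
  --)
    # no more arguments to parse
    exit 0
    ;;
  *)
    printf "Unknown option %s\n" "$1"
    exit 1
    ;;
esac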