@titom73
Created October 2, 2017 05:22
Ansible Vault - Encrypt / Decrypt files
#!/bin/sh
# Encrypt (-e) or decrypt (-d) the Ansible variable files that hold secrets.

# Use $HOME here: a tilde inside double quotes is not expanded by the shell.
VAULT_PASSWORD="$HOME/scripting/ansible_vault_pass"

# Print an error message on stderr and exit with a non-zero status.
die() {
    printf '%s\n' "$*" >&2
    exit 1
}

# Die if they fat finger arguments, this program will be run as root
[ $# -gt 0 ] || die "Error parsing arguments. Use -e to encrypt or -d to decrypt"

while true; do
    case $1 in
    -e)
        echo "Start securing repository data before any commit"
        echo " * Enable vault with password from $VAULT_PASSWORD"
        export ANSIBLE_VAULT_PASSWORD_FILE="$VAULT_PASSWORD"
        echo " * Encrypt data files in host_vars with password"
        # Read one path per line so file names containing spaces stay intact
        find host_vars/ -type f -exec grep -El 'pass|token' {} + |
        while IFS= read -r FILENAME
        do
            echo " * Encode file: $FILENAME"
            ansible-vault encrypt "$FILENAME"
        done
        echo " * Encrypt data files in group_vars with password"
        find group_vars/ -type f -exec grep -El 'pass|token' {} + |
        while IFS= read -r FILENAME
        do
            echo " * Encode file: $FILENAME"
            ansible-vault encrypt "$FILENAME"
        done
        exit 0
        ;;
    -d)
        echo "Start decrypting repository data before editing"
        echo " * Decrypt vault with password from $VAULT_PASSWORD"
        export ANSIBLE_VAULT_PASSWORD_FILE="$VAULT_PASSWORD"
        echo " * Decrypt data files in host_vars with password"
        # Match the vault header at the start of a line, not the string anywhere in the file
        find host_vars/ -type f -exec grep -l '^\$ANSIBLE_VAULT;' {} + |
        while IFS= read -r FILENAME
        do
            echo " * Decode file: $FILENAME"
            ansible-vault decrypt "$FILENAME"
        done
        echo " * Decrypt data files in group_vars with password"
        find group_vars/ -type f -exec grep -l '^\$ANSIBLE_VAULT;' {} + |
        while IFS= read -r FILENAME
        do
            echo " * Decode file: $FILENAME"
            ansible-vault decrypt "$FILENAME"
        done
        exit 0
        ;;
    --)
        # no more arguments to parse
        break
        ;;
    *)
        printf "Unknown option %s\n" "$1"
        exit 1
        ;;
    esac
done
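
The script only protects the repository if `-e` is actually run before each commit. As an added example (not part of the gist), the check below lists variable files that match the gist's `pass|token` pattern but are still plaintext, so it can back a pre-commit hook. The function names, the sample tree and its values are assumptions constructed for illustration; the `1.2` header with a vault-id label is included because a label containing "token" or "pass" would otherwise be flagged.

```shell
#!/bin/sh
# Added example, not part of the gist: list variable files that mention a
# password or token but are still plaintext, e.g. from a pre-commit hook.

# True when the first line of file $1 is an Ansible Vault header.
is_vaulted() {
    case $(head -n 1 "$1") in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every plaintext file under the given directories that matches the
# gist's 'pass|token' pattern. Returns 1 if at least one is found.
find_plaintext_secrets() {
    leaks=$(
        for dir in "$@"; do
            [ -d "$dir" ] || continue
            find "$dir" -type f -exec grep -El 'pass|token' {} + |
            while IFS= read -r file; do
                is_vaulted "$file" || printf '%s\n' "$file"
            done
        done
    )
    [ -z "$leaks" ] && return 0
    printf '%s\n' "$leaks"
    return 1
}

# Build a constructed sample tree in directory $1 (all values are made up).
make_sample() {
    mkdir -p "$1/host_vars" "$1/group_vars"
    printf 'ansible_password: example-only\n' > "$1/host_vars/router1.yml"
    printf '$ANSIBLE_VAULT;1.2;AES256;token_store\n6162636465660a\n' > "$1/host_vars/router2.yml"
    printf 'ntp_server: 192.0.2.1\n' > "$1/group_vars/all.yml"
}

# Demo run on the constructed tree.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
if find_plaintext_secrets "$demo_dir/host_vars" "$demo_dir/group_vars"; then
    echo "OK: no plaintext secrets"
else
    echo "Encrypt the files listed above before committing" >&2
fi
rm -rf "$demo_dir"
```

In a real hook, call `find_plaintext_secrets host_vars group_vars || exit 1` from the repository root instead of the demo section.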