Last active
March 4, 2021 07:37
-
-
Save vietanhduong/59a02e655bc474b31ae7f885768b5fd5 to your computer and use it in GitHub Desktop.
Encrypt ansible variables
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| VAULT=".vault" | |
| trap "rm -f $VAULT" EXIT | |
| #================ | |
| if ! command -v "ansible-vault" $> /dev/null; then | |
| echo "Not found command 'ansible-vault'." | |
| exit 1 | |
| fi | |
| enc_key="${1:-$ENC_KEY}" | |
| if [[ -z "$enc_key" ]]; then | |
| read -p "Enter encrypt key: " enc_key | |
| if [[ -z "$enc_key" ]]; then exit 1; fi | |
| fi | |
| echo "$enc_key" > "$VAULT" | |
| read -p "Enter input file (enc_input.txt): " in_file | |
| in_file="${in_file:-enc_input.txt}" | |
| if ! test -f "$in_file"; then | |
| echo "$in_file does not exist." | |
| exit 1 | |
| fi | |
| echo -e "-----\n" | |
| while read line || [ -n "$line" ]; do | |
| [[ -z "$line" ]] && continue | |
| [[ "$line" = \#* ]] && continue | |
| IFS='=' read -r var value <<< "$line" | |
| read enc_value <<< $(ansible-vault encrypt_string --vault-password-file "$VAULT" "$value" --name "$var") | |
| IFS='|' read -r vault_tag enc_value <<< "$enc_value" | |
| f_val="$(echo "$enc_value" | sed 's/ /\n\t/g')" | |
| echo -e "$vault_tag|$f_val\n" | |
| done < "$in_file" | |
| ################################################## | |
| # Example # | |
| ################################################## | |
| # enc_input.txt | |
| # var1=value_need_encrypt1 | |
| # | |
| # var2=value_need_encrypt2 | |
| # | |
| # var3=value_need_encrypt3 | |
| # | |
| # #comment will be ignore | |
| # var4=value_need_encrypt4 | |
| ## ./vault-enc.sh your-key | |
| #### OUTPUT | |
| # var1: !vault | | |
| # $ANSIBLE_VAULT;1.1;AES256 | |
| # 63616235636463306466323363323164376266313364666265303030333366383135653539326665 | |
| # 6138663365666461346136616431303063326661333863320a333966626461363164646662653937 | |
| # 39366230376331663765373561623134343331643065616265626232646363366463613533386161 | |
| # 3862366362356663650a323365376630363666346535636636303433376635646530353438303035 | |
| # 65633563653936333562343136613836353839326264366532326534306261373865 | |
| # var2: !vault | | |
| # $ANSIBLE_VAULT;1.1;AES256 | |
| # 32306239343861373039343638663735626163653962303539363537656132613831346466633865 | |
| # 6335353361343232303131393033666334396265386537380a333930333432376332393536323463 | |
| # 64626430363737376366383334636630656431313939333233666663333939326366393036326231 | |
| # 3332326333636238630a653366346534656330393564353338633064643733333765646332383632 | |
| # 38353037323437303831383064666164656633323532386135346263613835376234 | |
| # var3: !vault | | |
| # $ANSIBLE_VAULT;1.1;AES256 | |
| # 38636133623533353832663135633261636139353433663637383261336530646435363563653734 | |
| # 3631373639353534636537613137313039306163616263340a633362346361343836633039393462 | |
| # 38343530373631366631366263346662333239663263366665663531336231326366373034663938 | |
| # 6431393238303136320a353335656332323066626335613139363762313338356639333531633433 | |
| # 65326634326133663261363462663038353138366633656465393862646137633430 | |
| # var4: !vault | | |
| # $ANSIBLE_VAULT;1.1;AES256 | |
| # 30316537616162613135303936303566636632663262303039656136326432393737393130616236 | |
| # 3365356338643635363434646363666232336232313533350a623834636661373166313866303338 | |
| # 34326632383836613732356533313863363037623539623063366664663630346136303865396135 | |
| # 6538346564343639330a613638393165313637376434643035333133396235363839626633666637 | |
| # 37326663356433313733663962303462356135326363633831316437316632613633 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment