Addresses #6188 Add --vault-password-file to bin/ansible and bin/ansible-playbook

1 files changed, 18 insertions, 0 deletions

diff --git a/bin/ansible-playbook b/bin/ansible-playbook
index f8c219eb2d..5aa020a924 100755
--- a/bin/ansible-playbook
+++ b/bin/ansible-playbook
@@ -92,6 +92,9 @@ def main(args):
                          "and su arguments ('-su', '--su-user', and '--ask-su-pass') are "
                          "mutually exclusive")
 
+    if (options.ask_vault_pass and options.vault_password_file):
+            parser.error("--ask-vault-pass and --vault-password-file are mutually exclusive")
+
     inventory = ansible.inventory.Inventory(options.inventory)
     inventory.subset(options.subset)
     if len(inventory.list_hosts()) == 0:
@@ -110,10 +113,25 @@ def main(args):
             options.ask_pass = False
         options.ask_sudo_pass = options.ask_sudo_pass or C.DEFAULT_ASK_SUDO_PASS
         options.ask_su_pass = options.ask_su_pass or C.DEFAULT_ASK_SU_PASS
+        options.ask_vault_pass = options.ask_vault_pass or C.DEFAULT_ASK_VAULT_PASS
         (sshpass, sudopass, su_pass, vault_pass) = utils.ask_passwords(ask_pass=options.ask_pass, ask_sudo_pass=options.ask_sudo_pass, ask_su_pass=options.ask_su_pass, ask_vault_pass=options.ask_vault_pass)
         options.sudo_user = options.sudo_user or C.DEFAULT_SUDO_USER
         options.su_user = options.su_user or C.DEFAULT_SU_USER
 
+        if options.vault_password_file:
+            this_path = os.path.expanduser(options.vault_password_file)
+            try:
+                f = open(this_path, "rb")
+                tmp_vault_pass=f.read()
+                f.close()
+            except (OSError, IOError), e:
+                raise errors.AnsibleError("Could not read %s: %s" % (this_path, e))
+
+            # get rid of newline chars
+            tmp_vault_pass = tmp_vault_pass.strip()
+
+            if not options.ask_vault_pass:
+                vault_pass = tmp_vault_pass
 
     extra_vars = {}
     for extra_vars_opt in options.extra_vars: