authorJames Tanner <tanner.jc@gmail.com>2014-02-26 10:01:59 -0500
committerJames Tanner <tanner.jc@gmail.com>2014-02-26 10:01:59 -0500
commit7acd2f3a2d20da92823bba69f1b51c95758bb113 (patch)
tree0d6d4f4d33016d099a42657f446f2e070992b397 /bin/ansible-vault
parent1e33c960834680916f2083688ad507a91b0c4f08 (diff)
Addresses #6188 Add --vault-password-file option to the ansible-vault command
Diffstat (limited to 'bin/ansible-vault')
-rwxr-xr-xbin/ansible-vault41
1 files changed, 34 insertions, 7 deletions
diff --git a/bin/ansible-vault b/bin/ansible-vault
index 7d3c7f208c..75250b5e81 100755
--- a/bin/ansible-vault
+++ b/bin/ansible-vault
@@ -52,9 +52,10 @@ def build_option_parser(action):
sys.exit()
# options for all actions
- #parser.add_option('-p', '--password', help="encryption key")
#parser.add_option('-c', '--cipher', dest='cipher', default="AES", help="cipher to use")
- parser.add_option('-d', '--debug', dest='debug', action="store_true", help="debug")
+ parser.add_option('--debug', dest='debug', action="store_true", help="debug")
+ parser.add_option('--vault-password-file', dest='password_file',
+ help="vault password file")
# options specific to actions
if action == "create":
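Review bot: The help string `"vault password file"` does not say what the file must contain or that it stores the vault key in cleartext; something like `help="file containing the vault password; keep it readable by its owner only"` would tell the operator what is expected. The same hunk drops the `-d` short form of `--debug`, so an existing invocation that passes `-d` will now be rejected by the parser; if that is intended, a comment or a line in the commit message should say so. `build_option_parser` begins and ends outside the hunk.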
@@ -100,11 +101,21 @@ def get_opt(options, k, defval=""):
# Command functions
#-------------------------------------------------------------------------------------
+def _read_password(filename):
+ f = open(filename, "rb")
+ data = f.read()
+ f.close
+ return data
+
def execute_create(args, options, parser):
if len(args) > 1:
raise errors.AnsibleError("'create' does not accept more than one filename")
- password, new_password = utils.ask_vault_passwords(ask_vault_pass=True, confirm_vault=True)
+
+ if not options.password_file:
+ password, new_password = utils.ask_vault_passwords(ask_vault_pass=True, confirm_vault=True)
+ else:
+ password = _read_password(options.password_file)
cipher = 'AES'
if hasattr(options, 'cipher'):
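Review bot: `_read_password` never closes the file (`f.close` lacks the call parentheses) and returns the raw bytes, so a trailing newline left by an editor or `echo` becomes part of the vault key and a vault created from the file may not open with the same password typed at the prompt. Reading inside a `with` block, stripping surrounding whitespace and turning an unreadable file into an `errors.AnsibleError` addresses all three, as in the fence below; every caller in the later hunks inherits the behaviour. Separately, the `else:` branch in `execute_create` leaves `new_password` unbound while the prompt branch binds it, and the same shape recurs in the `execute_decrypt`, `execute_edit` and `execute_encrypt` hunks; whether anything later reads that name is outside the hunks, so either bind it to `None` or discard it with `password, __ = ...` as the rekey hunk does. Since the file holds the vault key in cleartext, a docstring asking for owner-only permissions on it would be worth adding.

```python
def _read_password(filename):
    # … docstring: file holds the vault password in cleartext, keep it owner-readable only …
    try:
        with open(filename, "rb") as f:
            # drop the newline most editors append, so file and prompt yield the same key
            data = f.read().strip()
    except (OSError, IOError) as e:
        raise errors.AnsibleError("Could not read vault password file %s: %s" % (filename, e))
    return data
```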
@@ -115,7 +126,10 @@ def execute_create(args, options, parser):
def execute_decrypt(args, options, parser):
- password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
+ if not options.password_file:
+ password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
+ else:
+ password = _read_password(options.password_file)
cipher = 'AES'
if hasattr(options, 'cipher'):
@@ -132,7 +146,10 @@ def execute_edit(args, options, parser):
if len(args) > 1:
raise errors.AnsibleError("create does not accept more than one filename")
- password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
+ if not options.password_file:
+ password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
+ else:
+ password = _read_password(options.password_file)
cipher = None
@@ -144,7 +161,11 @@ def execute_encrypt(args, options, parser):
if len(args) > 1:
raise errors.AnsibleError("'create' does not accept more than one filename")
- password, new_password = utils.ask_vault_passwords(ask_vault_pass=True, confirm_vault=True)
+
+ if not options.password_file:
+ password, new_password = utils.ask_vault_passwords(ask_vault_pass=True, confirm_vault=True)
+ else:
+ password = _read_password(options.password_file)
cipher = 'AES'
if hasattr(options, 'cipher'):
@@ -158,7 +179,13 @@ def execute_encrypt(args, options, parser):
def execute_rekey(args, options, parser):
- password, new_password = utils.ask_vault_passwords(ask_vault_pass=True, ask_new_vault_pass=True, confirm_new=True)
+ if not options.password_file:
+ password, __ = utils.ask_vault_passwords(ask_vault_pass=True)
+ else:
+ password = _read_password(options.password_file)
+
+ __, new_password = utils.ask_vault_passwords(ask_vault_pass=False, ask_new_vault_pass=True, confirm_new=True)
+
cipher = None
for f in args:
this_editor = VaultEditor(cipher, password, f)
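Review bot: With `--vault-password-file` set, `execute_rekey` still prompts for the new password, so the option does not make rekey non-interactive, and nothing in the code says so. A comment above the second `ask_vault_passwords` call such as `# the new password is always prompted for; --vault-password-file only supplies the current one` would make that explicit. After a successful rekey the password file still holds the old password, which the option's help text or the docs could mention so the stale secret gets replaced. The loop body after `VaultEditor(...)` is not visible in the hunk.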