diff options
author | Joshua Bayfield <61628835+jbayfield@users.noreply.github.com> | 2021-01-20 20:50:24 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-20 15:50:24 -0500 |
commit | 823c72bcb59a5628c0ce21f2145f37f61bae6db9 (patch) | |
tree | f8ef1a4639a271c73ce83165e3a3a95381511552 /lib/ansible/cli/vault.py | |
parent | bc60d8ccda7a5a5bf0776c83f76c52663378b59c (diff) | |
download | ansible-823c72bcb59a5628c0ce21f2145f37f61bae6db9.tar.gz |
Shadow input for encrypt_string by default unless asked (fixes #71618) (#73263)
* Shadow input for encrypt_string by default unless asked (fixes #71618)
Diffstat (limited to 'lib/ansible/cli/vault.py')
-rw-r--r-- | lib/ansible/cli/vault.py | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/ansible/cli/vault.py b/lib/ansible/cli/vault.py index 0425a1a3e1..e08a3bb461 100644 --- a/lib/ansible/cli/vault.py +++ b/lib/ansible/cli/vault.py @@ -99,6 +99,8 @@ class VaultCLI(CLI): enc_str_parser.add_argument('-p', '--prompt', dest='encrypt_string_prompt', action='store_true', help="Prompt for the string to encrypt") + enc_str_parser.add_argument('--show-input', dest='show_string_input', default=False, action='store_true', + help='Do not hide input when prompted for the string to encrypt') enc_str_parser.add_argument('-n', '--name', dest='encrypt_string_names', action='append', help="Specify the variable name") @@ -300,8 +302,13 @@ class VaultCLI(CLI): # TODO: could prompt for which vault_id to use for each plaintext string # currently, it will just be the default - # could use private=True for shadowed input if useful - prompt_response = display.prompt(msg) + hide_input = not context.CLIARGS['show_string_input'] + if hide_input: + msg = "String to encrypt (hidden): " + else: + msg = "String to encrypt:" + + prompt_response = display.prompt(msg, private=hide_input) if prompt_response == '': raise AnsibleOptionsError('The plaintext provided from the prompt was empty, not encrypting') |