diff options
| author | Adrian Likins <alikins@redhat.com> | 2017-02-17 10:12:14 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-02-17 10:12:14 -0500 |
| commit | 7b6c992c46ad5761ad9a946846c2c8ac18028537 (patch) | |
| tree | 63115e05f309dafc10ffc1f633ffccc04c5ca058 /lib/ansible/parsing | |
| parent | fe02dbecc019b91ab6d47667bb6c9b38b41b54c2 (diff) | |
| download | ansible-7b6c992c46ad5761ad9a946846c2c8ac18028537.tar.gz | |
Vault encrypt string cli (#21024)
* Add a vault 'encrypt_string' command.
The command will encrypt the string on the command
line and print out the yaml block that can be included
in a playbook.
To be prompted for a string to encrypt:
ansible-vault encrypt_string --prompt
To specify a string on the command line:
ansible-vault encrypt_string "some string to encrypt"
To read a string from stdin to encrypt:
echo "the plaintext to encrypt" | ansible-vault encrypt_string
If a --name or --stdin-name is provided, the output will include that name in yaml key value format:
$ ansible-vault encrypt_string "42" --name "the_answer"
the_answer: !vault-encrypted |
$ANSIBLE_VAULT;1.1;AES256
<vault cipher text here>
plaintext provided via prompt, cli, and/or stdin can be mixed:
$ ansible-vault encrypt_string "42" --name "the_answer" --prompt
Vault password:
Variable name (enter for no name): some_variable
String to encrypt: microfiber
# The encrypted version of variable ("some_variable", the string #1 from the interactive prompt).
some_variable: !vault-encrypted |
$ANSIBLE_VAULT;1.1;AES256
< vault cipher text here>
# The encrypted version of variable ("the_answer", the string #2 from the command line args).
the_answer: !vault-encrypted |
$ANSIBLE_VAULT;1.1;AES256
< vault cipher text here>
Encryption successful
* add stdin and prompting to vault 'encrypt_string'
* add a --name to encrypt_string to optional specify a var name
* prompt for a var name to use with --prompt
* add a --stdin-name for the var name for value read from stdin
Diffstat (limited to 'lib/ansible/parsing')
| -rw-r--r-- | lib/ansible/parsing/vault/__init__.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/ansible/parsing/vault/__init__.py b/lib/ansible/parsing/vault/__init__.py index 3c7a89a94c..2a98511f88 100644 --- a/lib/ansible/parsing/vault/__init__.py +++ b/lib/ansible/parsing/vault/__init__.py @@ -414,6 +414,13 @@ class VaultEditor: # shuffle tmp file into place self.shuffle_files(tmp_path, filename) + def encrypt_bytes(self, b_plaintext): + check_prereqs() + + b_ciphertext = self.vault.encrypt(b_plaintext) + + return b_ciphertext + def encrypt_file(self, filename, output_file=None): check_prereqs() |