From 7acd2f3a2d20da92823bba69f1b51c95758bb113 Mon Sep 17 00:00:00 2001
From: James Tanner <tanner.jc@gmail.com>
Date: Wed, 26 Feb 2014 10:01:59 -0500
Subject: Addresses #6188 Add --vault-password-file option to the ansible-vault
 command

---
 bin/ansible-vault | 41 ++++++++++++++++++++++++++++++++++-------
 1 file changed, 34 insertions(+), 7 deletions(-)

(limited to 'bin/ansible-vault')

diff --git a/bin/ansible-vault b/bin/ansible-vault
index 7d3c7f208c..75250b5e81 100755
--- a/bin/ansible-vault
+++ b/bin/ansible-vault
@@ -52,9 +52,10 @@ def build_option_parser(action):
         sys.exit()
 
     # options for all actions
-    #parser.add_option('-p', '--password', help="encryption key")
     #parser.add_option('-c', '--cipher', dest='cipher', default="AES", help="cipher to use")
-    parser.add_option('-d', '--debug', dest='debug', action="store_true", help="debug")
+    parser.add_option('--debug', dest='debug', action="store_true", help="debug")
+    parser.add_option('--vault-password-file', dest='password_file',
+                    help="vault password file")
 
     # options specific to actions
     if action == "create":
@@ -100,11 +101,21 @@ def get_opt(options, k, defval=""):
 # Command functions
 #-------------------------------------------------------------------------------------
 
+def _read_password(filename):
+    f = open(filename, "rb")
+    data = f.read()
+    f.close
+    return data
+
 def execute_create(args, options, parser):
 
     if len(args) > 1:
         raise errors.AnsibleError("'create' does not accept more than one filename")        
-    password, new_password = utils.ask_vault_passwords(ask_vault_pass=True, confirm_vault=True)
+
+    if not options.password_file:        
+        password, new_password = utils.ask_vault_passwords(ask_vault_pass=True, confirm_vault=True)
+    else:
+        password = _read_password(options.password_file)
 
     cipher = 'AES'
     if hasattr(options, 'cipher'):
@@ -115,7 +126,10 @@ def execute_create(args, options, parser):
 
 def execute_decrypt(args, options, parser):
 
-    password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
+    if not options.password_file:        
+        password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
+    else:
+        password = _read_password(options.password_file)
 
     cipher = 'AES'
     if hasattr(options, 'cipher'):
@@ -132,7 +146,10 @@ def execute_edit(args, options, parser):
     if len(args) > 1:
         raise errors.AnsibleError("create does not accept more than one filename")        
 
-    password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
+    if not options.password_file:        
+        password, new_password = utils.ask_vault_passwords(ask_vault_pass=True)
+    else:
+        password = _read_password(options.password_file)
 
     cipher = None
 
@@ -144,7 +161,11 @@ def execute_encrypt(args, options, parser):
 
     if len(args) > 1:
         raise errors.AnsibleError("'create' does not accept more than one filename")        
-    password, new_password = utils.ask_vault_passwords(ask_vault_pass=True, confirm_vault=True)
+
+    if not options.password_file:        
+        password, new_password = utils.ask_vault_passwords(ask_vault_pass=True, confirm_vault=True)
+    else:
+        password = _read_password(options.password_file)
 
     cipher = 'AES'
     if hasattr(options, 'cipher'):
@@ -158,7 +179,13 @@ def execute_encrypt(args, options, parser):
 
 def execute_rekey(args, options, parser):
 
-    password, new_password = utils.ask_vault_passwords(ask_vault_pass=True, ask_new_vault_pass=True, confirm_new=True)
+    if not options.password_file:        
+        password, __ = utils.ask_vault_passwords(ask_vault_pass=True)
+    else:
+        password = _read_password(options.password_file)
+
+    __, new_password = utils.ask_vault_passwords(ask_vault_pass=False, ask_new_vault_pass=True, confirm_new=True)
+
     cipher = None
     for f in args:
         this_editor = VaultEditor(cipher, password, f)
-- 
cgit v1.2.1