Roll keys and re-encrypt secrets in any repo using Ansible Vault
ansible-vault-rekey
Free software: BSD license
Documentation: https://ansible-vault-rekey.readthedocs.io.
Usage
WARNING: Very few guardrails present. Running this without options will overwrite data by default.
Known issues / caveats:
- Shows a callous disregard for whitespace and comments
- Assumes it’s in a playbook directory if -r isn’t provided
- Will casually write secrets to STDOUT in --debug mode
$ ansible-vault-rekey --help
Usage: ansible-vault-rekey [OPTIONS]

  (Re)keys Ansible Vault repos.

Options:
  --debug
  --dry-run                 Skip any action that would overwrite an original
                            file.
  -k, --keep-backups        Keep unencrypted copies of files after a
                            successful rekey.
  -r, --code-path TEXT      Path to Ansible code.
  -p, --password-file TEXT  Path to password file. Default: vault-password.txt
  -v, --vars-file TEXT      Only operate on the file specified. Default is to
                            check every YAML file in Ansible role/play dirs
                            for encrypted assets.
  --help                    Show this message and exit.
You can confirm that your secrets were re-encrypted properly by running debug on an encrypted var or file, e.g.:
ansible --vault-password-file vault-password.txt -e "@group_vars/all.yml" -i localhost, -c local -m debug -a var=somesecurevar localhost
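The command above checks one variable. The following added example (not part of ansible-vault-rekey) covers the whole code path: it fingerprints every vault payload in the YAML files before and after a rekey. Ansible Vault uses a fresh random salt on each encryption, so a payload whose fingerprint did not change was not re-encrypted. The function names are hypothetical and the hex payloads are constructed sample data.

```python
import hashlib
import re
import tempfile
from pathlib import Path

HEADER = re.compile(r"^\s*\$ANSIBLE_VAULT;\d+\.\d+;\w+")  # file or inline !vault header
HEXLINE = re.compile(r"^\s*[0-9a-fA-F]+\s*$")             # vault payload lines are hex

def vault_fingerprints(code_path):
    """Map (relative YAML file, blob index) -> SHA-256 of each vault payload."""
    root, found = Path(code_path), {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix not in (".yml", ".yaml"):
            continue
        lines = path.read_text(errors="replace").splitlines()
        index = 0
        for i, line in enumerate(lines):
            if not HEADER.match(line):
                continue
            payload = []
            for body in lines[i + 1:]:
                if not HEXLINE.match(body):
                    break
                payload.append(body.strip())
            digest = hashlib.sha256("".join(payload).encode()).hexdigest()
            found[(path.relative_to(root).as_posix(), index)] = digest
            index += 1
    return found

def compare(before, after):
    """Return (assets that vanished, assets whose ciphertext never changed)."""
    missing = sorted(k for k in before if k not in after)
    unchanged = sorted(k for k in before if after.get(k) == before[k])
    return missing, unchanged

def demo():
    """Constructed sample data: a rekey that rewrote all.yml but skipped db.yml."""
    inline = "somesecurevar: !vault |\n  $ANSIBLE_VAULT;1.1;AES256\n  {}\n  {}\nplain: 1\n"
    with tempfile.TemporaryDirectory() as tmp:
        gv = Path(tmp, "group_vars")
        gv.mkdir()
        (gv / "all.yml").write_text(inline.format("61626364", "65666768"))
        (gv / "db.yml").write_text("$ANSIBLE_VAULT;1.1;AES256\n30313233\n")
        before = vault_fingerprints(tmp)        # snapshot taken before the rekey
        (gv / "all.yml").write_text(inline.format("39383736", "35343332"))
        return compare(before, vault_fingerprints(tmp))

if __name__ == "__main__":
    print(demo())
```

Call vault_fingerprints on the code path before the rekey, run ansible-vault-rekey, call it again and pass both results to compare; any entry in either returned list is an asset that was dropped or is still under the old key.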
Installation
pip install ansible-vault-rekey
We have dependencies a couple of layers down which need to compile crypto libraries if you haven’t already got them. On most systems, you’ll need the following:
- libffi-dev / libffi-devel
- libssl-dev / openssl-devel
- gcc
Features
TODO
Testing
With Docker (recommended):
docker build -t tmp . && docker run --rm -it -w /workspace -v $(pwd):/workspace tmp
Manually:
pip install -r requirements.txt pytest && python -m pytest tests/*.py
Credits
This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.
History
2.0.1 (2020-12-31)
Fix improper encryption of YAML files
2.0.0 (2020-12-31)
Fix dependency errors
Dropped support for Python2 and Python 3.5
Added support for Python 3.7, 3.8, 3.9
0.1.0 (2017-10-31)
First release on PyPI.
File details
Details for the file ansible-vault-rekey-2.0.1.tar.gz.
File metadata
- Download URL: ansible-vault-rekey-2.0.1.tar.gz
- Upload date:
- Size: 11.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.6.1 requests/2.25.1 setuptools/51.1.1 requests-toolbelt/0.9.1 tqdm/4.55.0 CPython/3.6.7
File hashes
Algorithm | Hash digest
---|---
SHA256 | cbbc6d425deb6f22d525dbcc928fb9d48ae76342c421d9f6b1fa284ee9b7d317
MD5 | aa4fd6feb2dac62fae40f69d387a8b23
BLAKE2b-256 | 8dd2651013e84930308686c40e74299c19e29e8b31cea7551652b376056a53f9
File details
Details for the file ansible_vault_rekey-2.0.1-py2.py3-none-any.whl.
File metadata
- Download URL: ansible_vault_rekey-2.0.1-py2.py3-none-any.whl
- Upload date:
- Size: 10.2 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.6.1 requests/2.25.1 setuptools/51.1.1 requests-toolbelt/0.9.1 tqdm/4.55.0 CPython/3.6.7
File hashes
Algorithm | Hash digest
---|---
SHA256 | 5aee4bff099c1a4437ae352fa4734358794cdae9c87694be840fd438f8e9eab8
MD5 | dc8d58c11da9e0bc6fc6a6e6386c26b6
BLAKE2b-256 | 41ef67208a1a90bd56f0f18879b5529e2a076b5f6ac05ef6e40a6ccce2fa1c83