Skip to main content

Roll keys and re-encrypt secrets in any repo using Ansible Vault

Project description

ansible-vault-rekey

https://img.shields.io/pypi/v/ansible-vault-rekey.svg https://img.shields.io/travis/inhumantsar/python-ansible-vault-rekey.svg Documentation Status Updates Python 3

Roll keys and re-encrypt secrets in any repo using Ansible Vault

Usage

WARNING: Very few guardrails present. Running this without options will overwrite data by default.

Known issues / caveats:

  • Shows a callous disregard for whitespace and comments
  • Assumes it’s in a playbook directory if -r isn’t provided
  • Will casually write secrets to STDOUT in –debug mode
$ ansible-vault-rekey --help
Usage: ansible-vault-rekey [OPTIONS]

  (Re)keys Ansible Vault repos.

Options:
  --debug
  --dry-run                 Skip any action that would overwrite an original
                            file.
  -k, --keep-backups        Keep unencrypted copies of files after a
                            successful rekey.
  -r, --code-path TEXT      Path to Ansible code.
  -p, --password-file TEXT  Path to password file. Default: vault-password.txt
  -v, --vars-file TEXT      Only operate on the file specified. Default is to
                            check every YAML file in Ansible role/play dirs
                            for encrypted assets.
  --help                    Show this message and exit.

Installation

We have dependencies a couple of layers down which need to compile crypto libraries if you haven’t already got them. On most systems, you’ll need the following:

  • libffi-dev / libffi-devel
  • libssl-dev / openssl-devel
  • gcc

Features

  • TODO

Testing

With Docker (recommended):

docker build -t tmp . && docker run --rm -it -w /workspace -v $(pwd):/workspace tmp

Manually:

pip install -r requirements.txt -r requirements_dev.txt && python2.7 -m pytest tests/*.py

Credits

This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.

History

0.1.0 (2017-10-31)

  • First release on PyPI.

Project details


Release history Release notifications

This version
History Node

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
ansible_vault_rekey-1.0.0-py2.py3-none-any.whl (10.7 kB) Copy SHA256 hash SHA256 Wheel py2.py3
ansible-vault-rekey-1.0.0.tar.gz (12.6 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page