Roll keys and re-encrypt secrets in any repo using Ansible Vault
Project description
ansible-vault-rekey
Roll keys and re-encrypt secrets in any repo using Ansible Vault
Free software: BSD license
Documentation: https://ansible-vault-rekey.readthedocs.io.
Usage
WARNING: Very few guardrails present. Running this without options will overwrite data by default.
Known issues / caveats:
Shows a callous disregard for whitespace and comments
Assumes it’s in a playbook directory if -r isn’t provided
Will casually write secrets to STDOUT in –debug mode
$ ansible-vault-rekey --help
Usage: ansible-vault-rekey [OPTIONS]
(Re)keys Ansible Vault repos.
Options:
--debug
--dry-run Skip any action that would overwrite an original
file.
-k, --keep-backups Keep unencrypted copies of files after a
successful rekey.
-r, --code-path TEXT Path to Ansible code.
-p, --password-file TEXT Path to password file. Default: vault-password.txt
-v, --vars-file TEXT Only operate on the file specified. Default is to
check every YAML file in Ansible role/play dirs
for encrypted assets.
--help Show this message and exit.
Installation
We have dependencies a couple of layers down which need to compile crypto libraries if you haven’t already got them. On most systems, you’ll need the following:
libffi-dev / libffi-devel
libssl-dev / openssl-devel
gcc
Features
TODO
Testing
With Docker (recommended):
docker build -t tmp . && docker run --rm -it -w /workspace -v $(pwd):/workspace tmp
Manually:
pip install -r requirements.txt -r requirements_dev.txt && python2.7 -m pytest tests/*.py
Credits
This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.
History
0.1.0 (2017-10-31)
First release on PyPI.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for ansible-vault-rekey-1.0.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | e6cd60904d3e8d0e0c222a613c146e68309b074635cf0e1f8787e79d20d03e8c |
|
MD5 | 02be185487069ba6fa00095a0b6617df |
|
BLAKE2b-256 | f74206ff16553f52359988720c187ddcab806cb312a4a04c49aee89c07912566 |
Hashes for ansible_vault_rekey-1.0.0-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 1d052d814fec2db58dcca546000a46c20c9b995e4e8a6c64951910deaf4d5c3c |
|
MD5 | 4cebbf014354b2016d010aacf7245572 |
|
BLAKE2b-256 | a29cb228e608cc4cdfcb88c1795de2777ec4e03244c6801deaff26c4d4faf956 |