Simple library and CLI tool to deal with ansible vaults and encrypted strings
Project description
Ansible Vault Tools
A simple CLI tool and Python library to encrypt and decrypt strings and files using Ansible Vault, and to inspect decrypted host variables from an Ansible inventory.
Requirements
- Python 3.11 or newer
ansibleandansible-vaultexecutables available inPATH(provided by theansibleandansible-vaultpackages)
Installation
Install with the optional Ansible dependencies included:
pip install "ansible-vault-tools[ansible-deps]"
Or, if you manage Ansible separately:
pip install ansible-vault-tools
Usage
CLI
ansible-vault-tools <command> [options]
encrypt — encrypt a string or file
# Encrypt a string (prompts for input if omitted)
ansible-vault-tools encrypt --string "my secret"
ansible-vault-tools encrypt -s
# Encrypt a file in place
ansible-vault-tools encrypt --file secrets.yml
ansible-vault-tools encrypt -f secrets.yml
decrypt — decrypt a variable or file
# Decrypt a specific variable for a host (prompts if omitted)
ansible-vault-tools decrypt --host webserver01 --var db_password
ansible-vault-tools decrypt -H webserver01 -v db_password
# Decrypt variables for all hosts
ansible-vault-tools decrypt --host all --var db_password
# Decrypt a vault-encrypted file (shows content, then asks to write it back)
ansible-vault-tools decrypt --file secrets.yml
ansible-vault-tools decrypt -f secrets.yml
allvars — print all variables for a host
# Print all resolved variables for a specific host
ansible-vault-tools allvars --host webserver01
ansible-vault-tools allvars -H webserver01
# Print hostvars for all hosts
ansible-vault-tools allvars --host all
Library
The individual functions can also be imported directly:
from ansible_vault_tools.main import encrypt_string, encrypt_file, decrypt_string, decrypt_file, allvars
| Function | Description |
|---|---|
encrypt_string(password) |
Encrypt a string with ansible-vault encrypt_string |
encrypt_file(filename) |
Encrypt a file in place with ansible-vault encrypt |
decrypt_string(host, var) |
Decrypt a variable from Ansible inventory host(s) |
decrypt_file(filename) |
Decrypt a vault-encrypted file |
allvars(host) |
Return all variables for a host as JSON |
License
The project is mainly licensed under Apache-2.0. It may also contain files under different licenses and copyright holders. The project is REUSE compliant so it's fully transparent.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ansible_vault_tools-0.2.2.tar.gz.
File metadata
- Download URL: ansible_vault_tools-0.2.2.tar.gz
- Upload date:
- Size: 4.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
245afa602994841463812d2db9a9efde12d9faf6e77e610a5ed75d23f4a0d0a8
|
|
| MD5 |
2931a7590cc587cd2ba99f95f4e4398e
|
|
| BLAKE2b-256 |
a0c028b2fc7d065c2c7de7fa10745e0a796c9821238b5e0053123500851aa55d
|
Provenance
The following attestation bundles were made for ansible_vault_tools-0.2.2.tar.gz:
Publisher:
publish.yaml on mxmehl/ansible-vault-tools
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ansible_vault_tools-0.2.2.tar.gz -
Subject digest:
245afa602994841463812d2db9a9efde12d9faf6e77e610a5ed75d23f4a0d0a8 - Sigstore transparency entry: 1340624549
- Sigstore integration time:
-
Permalink:
mxmehl/ansible-vault-tools@adb73e339702684a14b551454d16a1866aad8dce -
Branch / Tag:
refs/tags/v0.2.2 - Owner: https://github.com/mxmehl
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yaml@adb73e339702684a14b551454d16a1866aad8dce -
Trigger Event:
release
-
Statement type:
File details
Details for the file ansible_vault_tools-0.2.2-py3-none-any.whl.
File metadata
- Download URL: ansible_vault_tools-0.2.2-py3-none-any.whl
- Upload date:
- Size: 6.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fb153cbc7878ae04a26abaab6bbd494c03cc4377d7828fceaa97202b6ab19657
|
|
| MD5 |
9ac64aa268bcc9fd303d71054566699b
|
|
| BLAKE2b-256 |
38b74d254ebefddf4e85f0200b0c0bb5e375fb1974eabbd873451258b973de66
|
Provenance
The following attestation bundles were made for ansible_vault_tools-0.2.2-py3-none-any.whl:
Publisher:
publish.yaml on mxmehl/ansible-vault-tools
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ansible_vault_tools-0.2.2-py3-none-any.whl -
Subject digest:
fb153cbc7878ae04a26abaab6bbd494c03cc4377d7828fceaa97202b6ab19657 - Sigstore transparency entry: 1340624552
- Sigstore integration time:
-
Permalink:
mxmehl/ansible-vault-tools@adb73e339702684a14b551454d16a1866aad8dce -
Branch / Tag:
refs/tags/v0.2.2 - Owner: https://github.com/mxmehl
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yaml@adb73e339702684a14b551454d16a1866aad8dce -
Trigger Event:
release
-
Statement type:
