Skip to main content

Simple library and CLI tool to deal with ansible vaults and encrypted strings

Project description

Ansible Vault Tools

A simple CLI tool and Python library to encrypt and decrypt strings and files using Ansible Vault, and to inspect decrypted host variables from an Ansible inventory.

Requirements

  • Python 3.11 or newer
  • ansible and ansible-vault executables available in PATH (provided by the ansible and ansible-vault packages)

Installation

Install with the optional Ansible dependencies included:

pip install "ansible-vault-tools[ansible-deps]"

Or, if you manage Ansible separately:

pip install ansible-vault-tools

Usage

CLI

ansible-vault-tools <command> [options]

encrypt — encrypt a string or file

# Encrypt a string (prompts for input if omitted)
ansible-vault-tools encrypt --string "my secret"
ansible-vault-tools encrypt -s

# Encrypt a file in place
ansible-vault-tools encrypt --file secrets.yml
ansible-vault-tools encrypt -f secrets.yml

decrypt — decrypt a variable or file

# Decrypt a specific variable for a host (prompts if omitted)
ansible-vault-tools decrypt --host webserver01 --var db_password
ansible-vault-tools decrypt -H webserver01 -v db_password

# Decrypt variables for all hosts
ansible-vault-tools decrypt --host all --var db_password

# Decrypt a vault-encrypted file (shows content, then asks to write it back)
ansible-vault-tools decrypt --file secrets.yml
ansible-vault-tools decrypt -f secrets.yml

allvars — print all variables for a host

# Print all resolved variables for a specific host
ansible-vault-tools allvars --host webserver01
ansible-vault-tools allvars -H webserver01

# Print hostvars for all hosts
ansible-vault-tools allvars --host all

Library

The individual functions can also be imported directly:

from ansible_vault_tools.main import encrypt_string, encrypt_file, decrypt_string, decrypt_file, allvars
Function Description
encrypt_string(password) Encrypt a string with ansible-vault encrypt_string
encrypt_file(filename) Encrypt a file in place with ansible-vault encrypt
decrypt_string(host, var) Decrypt a variable from Ansible inventory host(s)
decrypt_file(filename) Decrypt a vault-encrypted file
allvars(host) Return all variables for a host as JSON

License

The project is mainly licensed under Apache-2.0. It may also contain files under different licenses and copyright holders. The project is REUSE compliant so it's fully transparent.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ansible_vault_tools-0.2.4.tar.gz (5.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ansible_vault_tools-0.2.4-py3-none-any.whl (6.6 kB view details)

Uploaded Python 3

File details

Details for the file ansible_vault_tools-0.2.4.tar.gz.

File metadata

  • Download URL: ansible_vault_tools-0.2.4.tar.gz
  • Upload date:
  • Size: 5.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for ansible_vault_tools-0.2.4.tar.gz
Algorithm Hash digest
SHA256 3f4eeb82e3035710899b3b58bf0c68acf3c9957be6ac2a7196dbe304d2346fa7
MD5 aa481ecca809b237b4667042eba1f643
BLAKE2b-256 f5480d8558f382fe58be8d0392ae325466c9d2bff30ab77434cf3595c80ec3aa

See more details on using hashes here.

Provenance

The following attestation bundles were made for ansible_vault_tools-0.2.4.tar.gz:

Publisher: publish.yaml on mxmehl/ansible-vault-tools

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ansible_vault_tools-0.2.4-py3-none-any.whl.

File metadata

File hashes

Hashes for ansible_vault_tools-0.2.4-py3-none-any.whl
Algorithm Hash digest
SHA256 a6652f1a0d0b8c79ba67f2d1e6521e6a2dd79777c8c11c4d20c20a6a72c8bbab
MD5 008b1a711df0075efd33bd65792a9a8c
BLAKE2b-256 95031e5f42ed78534f36e94f2f6c4d84dfded400a1a94514803fcc8e2f2ff323

See more details on using hashes here.

Provenance

The following attestation bundles were made for ansible_vault_tools-0.2.4-py3-none-any.whl:

Publisher: publish.yaml on mxmehl/ansible-vault-tools

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page