Skip to main content

Simple library and CLI tool to deal with ansible vaults and encrypted strings

Project description

Ansible Vault Tools

A simple CLI tool and Python library to encrypt and decrypt strings and files using Ansible Vault, and to inspect decrypted host variables from an Ansible inventory.

Requirements

  • Python 3.11 or newer
  • ansible and ansible-vault executables available in PATH (provided by the ansible and ansible-vault packages)

Installation

Install with the optional Ansible dependencies included:

pip install "ansible-vault-tools[ansible-deps]"

Or, if you manage Ansible separately:

pip install ansible-vault-tools

Usage

CLI

ansible-vault-tools <command> [options]

encrypt — encrypt a string or file

# Encrypt a string (prompts for input if omitted)
ansible-vault-tools encrypt --string "my secret"
ansible-vault-tools encrypt -s

# Encrypt a file in place
ansible-vault-tools encrypt --file secrets.yml
ansible-vault-tools encrypt -f secrets.yml

decrypt — decrypt a variable or file

# Decrypt a specific variable for a host (prompts if omitted)
ansible-vault-tools decrypt --host webserver01 --var db_password
ansible-vault-tools decrypt -H webserver01 -v db_password

# Decrypt variables for all hosts
ansible-vault-tools decrypt --host all --var db_password

# Decrypt a vault-encrypted file (shows content, then asks to write it back)
ansible-vault-tools decrypt --file secrets.yml
ansible-vault-tools decrypt -f secrets.yml

allvars — print all variables for a host

# Print all resolved variables for a specific host
ansible-vault-tools allvars --host webserver01
ansible-vault-tools allvars -H webserver01

# Print hostvars for all hosts
ansible-vault-tools allvars --host all

Library

The individual functions can also be imported directly:

from ansible_vault_tools.main import encrypt_string, encrypt_file, decrypt_string, decrypt_file, allvars
Function Description
encrypt_string(password) Encrypt a string with ansible-vault encrypt_string
encrypt_file(filename) Encrypt a file in place with ansible-vault encrypt
decrypt_string(host, var) Decrypt a variable from Ansible inventory host(s)
decrypt_file(filename) Decrypt a vault-encrypted file
allvars(host) Return all variables for a host as JSON

License

The project is mainly licensed under Apache-2.0. It may also contain files under different licenses and copyright holders. The project is REUSE compliant so it's fully transparent.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ansible_vault_tools-0.2.3.tar.gz (4.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ansible_vault_tools-0.2.3-py3-none-any.whl (6.4 kB view details)

Uploaded Python 3

File details

Details for the file ansible_vault_tools-0.2.3.tar.gz.

File metadata

  • Download URL: ansible_vault_tools-0.2.3.tar.gz
  • Upload date:
  • Size: 4.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for ansible_vault_tools-0.2.3.tar.gz
Algorithm Hash digest
SHA256 702ad866d8ca69a9324dfaef5958d0c2903d6952db847b3b0b06cb857887d449
MD5 4f92b150c8aaacea11c5258641e8e1ce
BLAKE2b-256 b9b6d0f09c91e7566382caaebec49f5cdc1a5f76b13d557e1afbc2f909f68e5b

See more details on using hashes here.

Provenance

The following attestation bundles were made for ansible_vault_tools-0.2.3.tar.gz:

Publisher: publish.yaml on mxmehl/ansible-vault-tools

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ansible_vault_tools-0.2.3-py3-none-any.whl.

File metadata

File hashes

Hashes for ansible_vault_tools-0.2.3-py3-none-any.whl
Algorithm Hash digest
SHA256 8424ce860cabe937c4347a8ffa890b8da42aa38d326b34c9c9b78968c5fe73d6
MD5 6f3893903fdd1e300f2db9f2c6909c70
BLAKE2b-256 063f140fd61e526ce7f447ad3a2ba0fbbbf87b70f909d1dce16414ad71b281c5

See more details on using hashes here.

Provenance

The following attestation bundles were made for ansible_vault_tools-0.2.3-py3-none-any.whl:

Publisher: publish.yaml on mxmehl/ansible-vault-tools

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page