Decrypt all ansible vault files in a project recursively for search/editing, then re-encrypt when done.
Project description
pilfer
Decrypt all ansible vault files in a project recursively for search/editing, then re-encrypt them all at once when you're done.
Borrows heavily from the excellent, but no longer supported Ansible Toolkit.
Updated for Python 3 compatibility with modern features and ansible.cfg integration.
Tested with Ansible v2.18.x and Python 3.12.x
Features
- Python 3 compatible - Modernized for current Python versions
- ansible.cfg integration - Automatically reads
vault_password_filefrom your ansible.cfg - Change detection - Only re-encrypts files that were actually modified (using SHA256)
- Safe operation - Preserves original encrypted content for unchanged files
- No third-party dependencies - Uses Ansible's official vault implementation directly
- Binary data preservation - Preserves exact line endings and formatting (critical for certificates)
Usage
pilfer [open|close] [-p VAULT_PASSWORD_FILE]
Basic Usage
Option 1: Standalone Script (No Installation)
- Download
pilfer.pyand place it in your Ansible project directory - Run
python pilfer.py opento decrypt all vaulted files recursively - Edit/search plaintext as needed
- Run
python pilfer.py closeto re-encrypt any changed files
Option 2: Installed via pipx (Recommended)
- Install pilfer via pipx:
pipx install pilfer - Run
pilfer opento decrypt all vaulted files recursively - Edit/search plaintext as needed
- Run
pilfer closeto re-encrypt any changed files
Any unchanged files will be returned to their original state.
Vault Password File Detection
The script automatically detects your vault password file in this order:
- Command line argument:
-p /path/to/vault/file - ansible.cfg: Reads
vault_password_filefrom[defaults]section - Common locations:
~/.ansible-vault/.vault-file../../vault_password_file.vault_passwordvault_password_file
Examples
Using the installed version:
# Use ansible.cfg vault_password_file setting (recommended)
pilfer open
# Specify custom vault password file
pilfer open -p ~/.my-vault-password
# Close and re-encrypt modified files
pilfer close
Using the standalone script:
# Use ansible.cfg vault_password_file setting (recommended)
python pilfer.py open
# Specify custom vault password file
python pilfer.py open -p ~/.my-vault-password
# Close and re-encrypt modified files
python pilfer.py close
Installation
Option 1: Standalone Script (No Installation Required)
Download and use the standalone script directly:
# Download the standalone script
curl -O https://raw.githubusercontent.com/aioue/pilfer/main/pilfer.py
# Make it executable (required for ./pilfer.py usage)
chmod +x pilfer.py
# Use it directly
./pilfer.py open
# OR
python pilfer.py open
Option 2: Install via pipx (Recommended for Regular Use)
Python 3.6+ is required. Install pilfer using pipx for isolated CLI tool management:
# Install pilfer via pipx (recommended)
pipx install pilfer
# Verify installation
pilfer --help
Alternative Installation Methods
If you prefer other installation methods:
# Install from source (in development mode)
git clone https://github.com/aioue/pilfer.git
cd pilfer
pip install -e .
# Direct pip installation (not recommended for CLI tools)
pip install pilfer
Requirements
Pilfer requires Ansible to be available. If not already installed:
# Using pipx (recommended for CLI tools)
pipx install ansible
# Using pip
pip install ansible
# System package manager
# Ubuntu/Debian:
sudo apt update && sudo apt install ansible
# RHEL/CentOS/Fedora:
sudo dnf install ansible
# macOS:
brew install ansible
ansible.cfg Setup (Recommended)
Add to your ansible.cfg:
[defaults]
vault_password_file = ~/.ansible-vault/.vault-file
This eliminates the need to manually configure vault password paths.
Development and Publishing
For Developers
To set up for development:
# Clone the repository
git clone https://github.com/aioue/pilfer.git
cd pilfer
# Install in development mode
pip install -e .
# Make changes and test
pilfer --help
Publishing to PyPI
Prerequisites:
# Install build tools
pip install build twine
# Configure PyPI credentials
# ~/.pypirc or use environment variables
Build and publish:
# Make the script executable
chmod +x build_and_publish.sh
# Publish to TestPyPI first
./build_and_publish.sh test
# After testing, publish to production PyPI
./build_and_publish.sh prod
The build script will:
- Clean previous builds
- Build the package using modern Python packaging
- Upload to PyPI/TestPyPI using twine
- Provide installation instructions
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pilfer-1.0.1.tar.gz.
File metadata
- Download URL: pilfer-1.0.1.tar.gz
- Upload date:
- Size: 19.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e7f6f0fc2e1eb017387b29acddc8bd828b219dda9b803be2bf52ee2de53fe708
|
|
| MD5 |
7807b603c0577cd3b4b4adad93a8dce0
|
|
| BLAKE2b-256 |
5144aa734d36c8e1b323921c3e48df28b0f9d44610772c4910e8361d0e80fae7
|
File details
Details for the file pilfer-1.0.1-py3-none-any.whl.
File metadata
- Download URL: pilfer-1.0.1-py3-none-any.whl
- Upload date:
- Size: 6.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f10eb6e46517dcc65d5684a99cc27c7227a789c5e97bd2240a8e8b97e7dc5899
|
|
| MD5 |
6b75a36b5337e91973171a59d6794659
|
|
| BLAKE2b-256 |
e026d15dbd86cc8c2194432d9f530068cda68c1aa8c8e70aa2c31da6bbe58598
|
