It's to be used outside of ansible, to help change vaulted vars more easily for users. I'll look at your snippet and see if I can make it work for me, I was trying to avoid running `ansible-vault` using pure python. On Wednesday, August 31, 2022 at 7:55:07 PM UTC+2 [email protected] wrote:
> It isn't clear whether you're trying to do this inside or outside of > Ansible. If outside, you can have your python script call ansible-vault and > pass the data you want to encrypt or decrypt via stdin/stdout. I got this > working in > > https://gist.github.com/utoddl/66baa4154618ba1fc8ec8127483e7e89 > > which is a filter I can pass a subset of yaml data through from $EDITOR, > and it will decrypt encrypted values, or decrypt encrypted values. It > preserves the original yaml's indentation, so greatly simplifies > maintenance of secrets in otherwise readable vars files. (ToDo: It doesn't > preserve comments.) You should be able to adapt it for your purposes. > Here's the blurb from the top of that gist: > > """Filter for "ansible-vault"ing YAML Data Values > > This script allows an ansible user to pass lines of yaml data > through it to get string values vaulted and/or already-vaulted values > unvaulted, thus simplifying the maintenance of vaulted strings in > Ansible vars files and eliminating the need to vault entire files. > > It takes a single optional positional argument, which is the > Ansible vault identity to use for encryption. This defaults to the > value of the ANSIBLE_VAULT_IDENTITY environment variable. If any > encryption is performed, either the environment variable or the > positional parameter must be provided. (Values from any ansible.cfg > files are insufficient.) """ > > On Wednesday, August 31, 2022 at 10:51:46 AM UTC-4 [email protected] wrote: > >> Modules should not have direct access to vault secrets, but you can >> provide them to module options via the unvault/vault filters: (last >> ones in section) >> >> >> https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#hashing-and-encrypting-strings-and-passwords >> -- >> ---------- >> Brian Coca >> >> -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-devel/80c79560-a9fa-41c4-87b4-068175f6e0f5n%40googlegroups.com.
