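def extract_from_vault(args):
    """Extract base64-encoded vault entries into files.

    Reads the YAML vault at ``args.v`` and, for every ``key=path`` item in
    ``args.i``, base64-decodes ``vault_data[key]`` and writes it to ``path``.
    Per-item failures are reported through ``console`` and do not stop the
    remaining items.

    An encrypted vault is decrypted on disk before it is read, so the
    plaintext sits at ``args.v`` while this function runs. It is re-encrypted
    in a ``finally`` block so that a successful run, a failed run and an
    interrupt all leave the vault encrypted again.

    Extracted files are created with the process's default file mode.

    Args:
        args: parsed options; ``v`` is the vault path, ``p`` is handed to
            ``get_password``, ``c`` is the cipher name given to
            ``VaultEditor`` and ``i`` is the list of ``key=path`` items.

    Returns:
        None.
    """
    vault_file = args.v
    password = get_password(args.p)
    editor = VaultEditor(args.c, password, vault_file)
    vault_data = {}
    if not os.path.isfile(vault_file):
        return

    encrypted = is_encrypted(vault_file)
    if encrypted:
        editor.decrypt_file()
    try:
        with open(vault_file, 'r') as v:
            # NOTE(review): yaml.load without an explicit safe loader can
            # construct arbitrary Python objects on older PyYAML, so the
            # vault is only as trusted as whoever can write this file.
            # yaml.safe_load is the usual replacement when entries are plain
            # scalars -- confirm against existing vaults before switching.
            vault_data = yaml.load(v)
        for item in args.i:
            # Split on the first '=' only, so a target path may contain '='.
            key, target = item.split('=', 1)
            try:
                if vault_data[key]:
                    with open(target, 'wb') as unpack:
                        unpack.write(base64.b64decode(vault_data[key]))
                    console('Extracted %s to %s' % (key, target))
            except Exception as e:
                console('Could not extract %s to %s, %s' % (key, target, e))
    except Exception as e:
        # Keep the original no-raise contract, but say what went wrong
        # instead of swallowing the error silently.
        console('Could not read %s, %s' % (vault_file, e))
    finally:
        # Always restore the encrypted state; the previous bare ``except``
        # re-encrypted only on failure and left the plaintext behind after
        # a successful extraction.
        if encrypted:
            editor.encrypt_file()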
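def extract_from_vault(args):
    """Extract base64-encoded vault entries into files.

    Reads the YAML vault at ``args.v`` and, for every ``key=path`` item in
    ``args.i``, base64-decodes ``vault_data[key]`` and writes it to ``path``.
    Per-item failures are reported through ``console`` and do not stop the
    remaining items.

    An encrypted vault is decrypted on disk before it is read, so the
    plaintext sits at ``args.v`` while this function runs. It is re-encrypted
    in a ``finally`` block so that a successful run, a failed run and an
    interrupt all leave the vault encrypted again.

    Extracted files are created with the process's default file mode.

    Args:
        args: parsed options; ``v`` is the vault path, ``p`` is handed to
            ``get_password``, ``c`` is the cipher name given to
            ``VaultEditor`` and ``i`` is the list of ``key=path`` items.

    Returns:
        None.
    """
    vault_file = args.v
    password = get_password(args.p)
    editor = VaultEditor(args.c, password, vault_file)
    vault_data = {}
    if not os.path.isfile(vault_file):
        return

    encrypted = is_encrypted(vault_file)
    if encrypted:
        editor.decrypt_file()
    try:
        with open(vault_file, 'r') as v:
            # NOTE(review): yaml.load without an explicit safe loader can
            # construct arbitrary Python objects on older PyYAML, so the
            # vault is only as trusted as whoever can write this file.
            # yaml.safe_load is the usual replacement when entries are plain
            # scalars -- confirm against existing vaults before switching.
            vault_data = yaml.load(v)
        for item in args.i:
            # Split on the first '=' only, so a target path may contain '='.
            key, target = item.split('=', 1)
            try:
                if vault_data[key]:
                    with open(target, 'wb') as unpack:
                        unpack.write(base64.b64decode(vault_data[key]))
                    console('Extracted %s to %s' % (key, target))
            except Exception as e:
                console('Could not extract %s to %s, %s' % (key, target, e))
    except Exception as e:
        # Keep the original no-raise contract, but say what went wrong
        # instead of swallowing the error silently.
        console('Could not read %s, %s' % (vault_file, e))
    finally:
        # Always restore the encrypted state; the previous bare ``except``
        # re-encrypted only on failure and left the plaintext behind after
        # a successful extraction.
        if encrypted:
            editor.encrypt_file()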
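def create_ansible_vault():
    '''
    Create ansible vault with random passphrase and set SECRET_KEY.

    Writes a freshly generated passphrase to ansible/.vault_pass.txt
    (owner read/write only), then writes a vault file containing a second
    generated value as SECRET_KEY to ansible/group_vars/all/vault.yml and
    encrypts it with AES256 under that passphrase.

    Both values are 20 characters drawn from ASCII letters and digits using
    the operating system's random source.

    Returns:
        None.
    '''
    import os
    import random
    import string

    def generate_passphrase():
        # random.SystemRandom reads the OS CSPRNG. The module-level
        # random.choice is a seeded Mersenne Twister whose output is
        # predictable and must not be used for secrets.
        rng = random.SystemRandom()
        chars = string.ascii_uppercase + string.ascii_lowercase + string.digits
        return ''.join(rng.choice(chars) for _ in range(20))

    # write the ansible vault password to disk
    passphrase = generate_passphrase()
    pass_path = 'ansible/.vault_pass.txt'
    # Create the file as 0600 rather than relying on the umask: it holds the
    # key to everything in the vault.
    fd = os.open(pass_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as vp_file:
        # os.open applies the mode only when it creates the file; tighten a
        # pre-existing file before the secret is written into it.
        os.chmod(pass_path, 0o600)
        vp_file.write('{}\n'.format(passphrase))

    # create ansible vault
    from ansible.utils.vault import VaultEditor
    vault_path = 'ansible/group_vars/all/vault.yml'
    vault_editor = VaultEditor('AES256', passphrase, vault_path)
    data = '--- \nSECRET_KEY: {}'.format(generate_passphrase())
    # NOTE(review): write_data followed by encrypt_file suggests the
    # SECRET_KEY is on disk in plaintext between the two calls -- confirm
    # against the VaultEditor implementation in use.
    vault_editor.write_data(data, vault_path)
    vault_editor.encrypt_file()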
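def encrpyt_file(self, filename):
    '''
    Encrypt File

    Encrypts ``filename`` with AES256 using ``self.vault_password``.

    The call is a no-op, reported only by a message on stdout, when the
    file does not exist or when no vault password is set. It is a silent
    no-op when the file is already encrypted. Callers get no return value
    or exception in any of these cases, so a skipped encryption leaves the
    file as it was; check ``is_file_encrypted`` afterwards if that matters.

    Args:
        filename: Pass the filename to encrypt.
    Returns:
        No return.
    '''
    # print(...) with a single formatted argument emits the same text under
    # Python 2 and also parses under Python 3.
    if not os.path.exists(filename):
        print("Invalid filename %s. Does not exist" % filename)
        return

    if self.vault_password is None:
        print("ENV Variable PYANSI_VAULT_PASSWORD not set")
        return

    if self.is_file_encrypted(filename):
        # No need to do anything.
        return

    cipher = 'AES256'
    vaulteditor = VaultEditor(cipher, self.vault_password, filename)
    vaulteditor.encrypt_file()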
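def add_to_vault(args):
    """Merge new entries into the YAML vault at ``args.v`` and encrypt it.

    Existing entries are loaded (after decrypting the file on disk when it
    is encrypted), overlaid with the entries produced by
    ``parse_vault_args(args.i)``, written back as block-style YAML, and the
    file is then encrypted. With ``args.t`` set, an existing vault file is
    deleted first so that the result holds only the new entries.

    Once this function has put plaintext at ``args.v`` (by decrypting or by
    writing the merged data), the file is re-encrypted even if a later step
    raises; the exception still propagates to the caller.

    Args:
        args: parsed options; ``v`` is the vault path, ``p`` is handed to
            ``get_password``, ``c`` is the cipher name given to
            ``VaultEditor``, ``t`` requests truncation and ``i`` holds the
            entries to add.

    Returns:
        None.
    """
    vault_file = args.v
    password = get_password(args.p)
    editor = VaultEditor(args.c, password, vault_file)
    console("Adding entries to %s" % vault_file)
    if args.t and os.path.isfile(vault_file):
        os.remove(vault_file)

    vault_data = {}
    # True once this function is responsible for plaintext at vault_file.
    needs_encrypt = False
    try:
        if os.path.isfile(vault_file):
            if is_encrypted(vault_file):
                editor.decrypt_file()
                needs_encrypt = True
            with open(vault_file, 'r') as v:
                # NOTE(review): yaml.load without an explicit safe loader
                # can construct arbitrary Python objects on older PyYAML;
                # yaml.safe_load is the usual replacement when entries are
                # plain scalars -- confirm before switching.
                # An empty file loads as None, hence the fallback.
                vault_data = yaml.load(v) or {}

        vault_args = parse_vault_args(args.i)
        # New entries win over existing ones with the same key.
        merged = dict(vault_data)
        merged.update(vault_args)

        with open(vault_file, 'w') as v:
            needs_encrypt = True
            v.write(yaml.dump(merged, default_flow_style=False))
    finally:
        # A parse or write error must not leave the vault decrypted on disk.
        if needs_encrypt:
            editor.encrypt_file()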
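def add_to_vault(args):
    """Merge new entries into the YAML vault at ``args.v`` and encrypt it.

    Existing entries are loaded (after decrypting the file on disk when it
    is encrypted), overlaid with the entries produced by
    ``parse_vault_args(args.i)``, written back as block-style YAML, and the
    file is then encrypted. With ``args.t`` set, an existing vault file is
    deleted first so that the result holds only the new entries.

    Once this function has put plaintext at ``args.v`` (by decrypting or by
    writing the merged data), the file is re-encrypted even if a later step
    raises; the exception still propagates to the caller.

    Args:
        args: parsed options; ``v`` is the vault path, ``p`` is handed to
            ``get_password``, ``c`` is the cipher name given to
            ``VaultEditor``, ``t`` requests truncation and ``i`` holds the
            entries to add.

    Returns:
        None.
    """
    vault_file = args.v
    password = get_password(args.p)
    editor = VaultEditor(args.c, password, vault_file)
    console("Adding entries to %s" % vault_file)
    if args.t and os.path.isfile(vault_file):
        os.remove(vault_file)

    vault_data = {}
    # True once this function is responsible for plaintext at vault_file.
    needs_encrypt = False
    try:
        if os.path.isfile(vault_file):
            if is_encrypted(vault_file):
                editor.decrypt_file()
                needs_encrypt = True
            with open(vault_file, 'r') as v:
                # NOTE(review): yaml.load without an explicit safe loader
                # can construct arbitrary Python objects on older PyYAML;
                # yaml.safe_load is the usual replacement when entries are
                # plain scalars -- confirm before switching.
                # An empty file loads as None, hence the fallback.
                vault_data = yaml.load(v) or {}

        vault_args = parse_vault_args(args.i)
        # New entries win over existing ones with the same key.
        merged = dict(vault_data)
        merged.update(vault_args)

        with open(vault_file, 'w') as v:
            needs_encrypt = True
            v.write(yaml.dump(merged, default_flow_style=False))
    finally:
        # A parse or write error must not leave the vault decrypted on disk.
        if needs_encrypt:
            editor.encrypt_file()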