Exemplo n.º 1
0
def extract_from_vault(args):

    vault_file = args.v
    password = get_password(args.p)
    editor = VaultEditor(args.c, password, vault_file)

    vault_data = {}
    if os.path.isfile(vault_file):

        encrypted = is_encrypted(vault_file)
        if encrypted:
            editor.decrypt_file()

        try:
            with open(vault_file, 'r') as v:
                vault_data = yaml.load(v)

            for item in args.i:
                key, file = item.split('=')
                try:
                    if vault_data[key]:
                        with open(file, 'wb') as unpack:
                            unpack.write(base64.b64decode(vault_data[key]))
                        console('Extracted %s to %s' % (key, file))
                except Exception, e:
                    console('Could not extract %s to %s, %s' % (key, file, e))
        except:
            if encrypted:
                editor.encrypt_file()
Exemplo n.º 2
0
def extract_from_vault(args):

    vault_file = args.v
    password = get_password(args.p)
    editor = VaultEditor(args.c, password, vault_file)

    vault_data = {}
    if os.path.isfile(vault_file):

        encrypted = is_encrypted(vault_file)
        if encrypted:
            editor.decrypt_file()

        try:
            with open(vault_file, 'r') as v:
                vault_data = yaml.load(v)

            for item in args.i:
                key, file = item.split('=')
                try:
                    if vault_data[key]:
                        with open(file, 'wb') as unpack:
                            unpack.write(base64.b64decode(vault_data[key]))
                        console('Extracted %s to %s' % (key, file))
                except Exception, e:
                    console('Could not extract %s to %s, %s' % (key, file, e))
        except:
            if encrypted:
                editor.encrypt_file()
def create_ansible_vault():
    '''
    Create ansible vault with random passphrase and set SECRET_KEY.
    '''
    def generate_passphrase():
        import random
        import string
        chars = string.ascii_uppercase + string.ascii_lowercase + string.digits
        return ''.join(random.choice(chars) for _ in range(20))

    # write the ansible vault password to disk
    passphrase = generate_passphrase()
    with open('ansible/.vault_pass.txt', 'w') as vp_file:
        vp_file.write('{}\n'.format(passphrase))

    # create ansible vault
    from ansible.utils.vault import VaultEditor
    vault_path = 'ansible/group_vars/all/vault.yml'
    vault_editor = VaultEditor('AES256', passphrase, vault_path)
    data = '--- \nSECRET_KEY: {}'.format(generate_passphrase())
    vault_editor.write_data(data, vault_path)
    vault_editor.encrypt_file()
Exemplo n.º 4
0
    def encrpyt_file(self, filename):
        '''
        Encrypt File
        Args:
            filename: Pass the filename to encrypt.
        Returns:
            No return.
        '''
        if not os.path.exists(filename):
            print "Invalid filename %s. Does not exist" % filename
            return

        if self.vault_password is None:
            print "ENV Variable PYANSI_VAULT_PASSWORD not set"
            return

        if self.is_file_encrypted(filename):
            # No need to do anything.
            return

        cipher = 'AES256'
        vaulteditor = VaultEditor(cipher, self.vault_password, filename)
        vaulteditor.encrypt_file()
Exemplo n.º 5
0
def add_to_vault(args):
    vault_file = args.v
    password = get_password(args.p)
    editor = VaultEditor(args.c, password, vault_file)

    console("Adding entries to %s" % vault_file)
    if args.t and os.path.isfile(vault_file):
        os.remove(vault_file)

    vault_data = {}
    if os.path.isfile(vault_file):
        if is_encrypted(vault_file):
            editor.decrypt_file()
        with open(vault_file, 'r') as v:
            vault_data = yaml.load(v)

    vault_args = parse_vault_args(args.i)
    vault_data = dict(vault_data.items() + vault_args.items())

    with open(vault_file, 'w') as v:
        v.write( yaml.dump(vault_data, default_flow_style=False) )

    editor.encrypt_file()
Exemplo n.º 6
0
def add_to_vault(args):
    vault_file = args.v
    password = get_password(args.p)
    editor = VaultEditor(args.c, password, vault_file)

    console("Adding entries to %s" % vault_file)
    if args.t and os.path.isfile(vault_file):
        os.remove(vault_file)

    vault_data = {}
    if os.path.isfile(vault_file):
        if is_encrypted(vault_file):
            editor.decrypt_file()
        with open(vault_file, 'r') as v:
            vault_data = yaml.load(v)

    vault_args = parse_vault_args(args.i)
    vault_data = dict(vault_data.items() + vault_args.items())

    with open(vault_file, 'w') as v:
        v.write(yaml.dump(vault_data, default_flow_style=False))

    editor.encrypt_file()