def extract_from_vault(args):
vault_file = args.v
password = get_password(args.p)
editor = VaultEditor(args.c, password, vault_file)
vault_data = {}
if os.path.isfile(vault_file):
encrypted = is_encrypted(vault_file)
if encrypted:
editor.decrypt_file()
try:
with open(vault_file, 'r') as v:
vault_data = yaml.load(v)
for item in args.i:
key, file = item.split('=')
try:
if vault_data[key]:
with open(file, 'wb') as unpack:
unpack.write(base64.b64decode(vault_data[key]))
console('Extracted %s to %s' % (key, file))
except Exception, e:
console('Could not extract %s to %s, %s' % (key, file, e))
except:
if encrypted:
editor.encrypt_file()
def extract_from_vault(args):
vault_file = args.v
password = get_password(args.p)
editor = VaultEditor(args.c, password, vault_file)
vault_data = {}
if os.path.isfile(vault_file):
encrypted = is_encrypted(vault_file)
if encrypted:
editor.decrypt_file()
try:
with open(vault_file, 'r') as v:
vault_data = yaml.load(v)
for item in args.i:
key, file = item.split('=')
try:
if vault_data[key]:
with open(file, 'wb') as unpack:
unpack.write(base64.b64decode(vault_data[key]))
console('Extracted %s to %s' % (key, file))
except Exception, e:
console('Could not extract %s to %s, %s' % (key, file, e))
except:
if encrypted:
editor.encrypt_file()
def create_ansible_vault():
'''
Create ansible vault with random passphrase and set SECRET_KEY.
'''
def generate_passphrase():
import random
import string
chars = string.ascii_uppercase + string.ascii_lowercase + string.digits
return ''.join(random.choice(chars) for _ in range(20))
# write the ansible vault password to disk
passphrase = generate_passphrase()
with open('ansible/.vault_pass.txt', 'w') as vp_file:
vp_file.write('{}\n'.format(passphrase))
# create ansible vault
from ansible.utils.vault import VaultEditor
vault_path = 'ansible/group_vars/all/vault.yml'
vault_editor = VaultEditor('AES256', passphrase, vault_path)
data = '--- \nSECRET_KEY: {}'.format(generate_passphrase())
vault_editor.write_data(data, vault_path)
vault_editor.encrypt_file()
def encrpyt_file(self, filename):
'''
Encrypt File
Args:
filename: Pass the filename to encrypt.
Returns:
No return.
'''
if not os.path.exists(filename):
print "Invalid filename %s. Does not exist" % filename
return
if self.vault_password is None:
print "ENV Variable PYANSI_VAULT_PASSWORD not set"
return
if self.is_file_encrypted(filename):
# No need to do anything.
return
cipher = 'AES256'
vaulteditor = VaultEditor(cipher, self.vault_password, filename)
vaulteditor.encrypt_file()
def add_to_vault(args):
vault_file = args.v
password = get_password(args.p)
editor = VaultEditor(args.c, password, vault_file)
console("Adding entries to %s" % vault_file)
if args.t and os.path.isfile(vault_file):
os.remove(vault_file)
vault_data = {}
if os.path.isfile(vault_file):
if is_encrypted(vault_file):
editor.decrypt_file()
with open(vault_file, 'r') as v:
vault_data = yaml.load(v)
vault_args = parse_vault_args(args.i)
vault_data = dict(vault_data.items() + vault_args.items())
with open(vault_file, 'w') as v:
v.write( yaml.dump(vault_data, default_flow_style=False) )
editor.encrypt_file()
def add_to_vault(args):
vault_file = args.v
password = get_password(args.p)
editor = VaultEditor(args.c, password, vault_file)
console("Adding entries to %s" % vault_file)
if args.t and os.path.isfile(vault_file):
os.remove(vault_file)
vault_data = {}
if os.path.isfile(vault_file):
if is_encrypted(vault_file):
editor.decrypt_file()
with open(vault_file, 'r') as v:
vault_data = yaml.load(v)
vault_args = parse_vault_args(args.i)
vault_data = dict(vault_data.items() + vault_args.items())
with open(vault_file, 'w') as v:
v.write(yaml.dump(vault_data, default_flow_style=False))
editor.encrypt_file()
