-
Notifications
You must be signed in to change notification settings - Fork 0
/
encryptansible
executable file
·109 lines (90 loc) · 2.16 KB
/
encryptansible
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
#!/bin/bash
# Wrapper for Ansible Vault
# Load GPG agent's soocket if it isn't there
[ -z "$SSH_AUTH_SOCK" ] && export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
# Defaults
PROJECTDIR=/opt/ansible/projects
ANSIBLE_VAULT_PASSWORD_FILE=.ansible-vault
# Override any defaults that are set by the user
test -f $HOME/.runansible.conf && . $HOME/.runansible.conf
export ANSIBLE_VAULT_PASSWORD_FILE
usage="Usage: $0 [-p project] [-n name] [-r length] [-s] value-to-encrypt
-p project Name of the project to encrypt a value for
-f Instead of a value, encrypt this file
-n name Name of the variable, optional
-r length Use a randomly generated password, requires pwgen
-s Generates a fully random password with symbols (see NOTE)
-h This text
If the value-to-encrypt is not provided, the script will prompt for it.
NOTE: The pwgen program generates passwords which are designed to be easily
memorized by humans, while being as secure as possible. Passwords generated with
-s are not human-friendly (but can contain illegal symbols depending on the software
that uses it).
"
FILE=false
PWGEN=false
PWGEN_OPTS=''
VAULT_MODE='encrypt_string'
while getopts "fhn:p:r:s" opt; do
case ${opt} in
f)
FILE=true
VAULT_MODE='encrypt'
;;
p)
PROJECT="${OPTARG}"
;;
n)
VARNAME="${OPTARG}"
;;
r)
PWGEN=true
PWGEN_LENGTH="${OPTARG}"
;;
s)
PWGEN_OPTS='-s -y'
;;
h)
echo -e "$usage"
exit 0
;;
esac
done
shift $[$OPTIND -1]
INPUT="$@"
if $FILE && [ -f "$INPUT" ]
then
INPUT=$(realpath "$INPUT")
fi
if $PWGEN
then
INPUT=$(pwgen $PWGEN_OPTS $PWGEN_LENGTH 1)
fi
if [ -z "$INPUT" ]
then
echo 'Type the value to be encrypted, end with an empty line:'
while read i
do
if [ -z "$i" ]
then
INPUT=$(echo -e "$INPUT" | sed '/^[[:space:]]*$/d')
break
fi
INPUT+="$i\n"
done
fi
if [ -z "$PROJECT" ]
then
echo "$usage"
exit 1
fi
if $PWGEN
then
echo -e "Generated password: $INPUT \n"
fi
if [ -n "$VARNAME" ]
then
echo -n "$VARNAME: "
fi
cd $PROJECTDIR/$PROJECT
ansible-vault $VAULT_MODE "$INPUT"