It isn't clear whether you're trying to do this inside or outside of Ansible. If outside, you can have your python script call ansible-vault and pass the data you want to encrypt or decrypt via stdin/stdout. I got this working in
https://gist.github.com/utoddl/66baa4154618ba1fc8ec8127483e7e89 which is a filter I can pass a subset of yaml data through from $EDITOR, and it will decrypt encrypted values, or decrypt encrypted values. It preserves the original yaml's indentation, so greatly simplifies maintenance of secrets in otherwise readable vars files. (ToDo: It doesn't preserve comments.) You should be able to adapt it for your purposes. Here's the blurb from the top of that gist: """Filter for "ansible-vault"ing YAML Data Values This script allows an ansible user to pass lines of yaml data through it to get string values vaulted and/or already-vaulted values unvaulted, thus simplifying the maintenance of vaulted strings in Ansible vars files and eliminating the need to vault entire files. It takes a single optional positional argument, which is the Ansible vault identity to use for encryption. This defaults to the value of the ANSIBLE_VAULT_IDENTITY environment variable. If any encryption is performed, either the environment variable or the positional parameter must be provided. (Values from any ansible.cfg files are insufficient.) """ On Wednesday, August 31, 2022 at 10:51:46 AM UTC-4 bc...@redhat.com wrote: > Modules should not have direct access to vault secrets, but you can > provide them to module options via the unvault/vault filters: (last > ones in section) > > > https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#hashing-and-encrypting-strings-and-passwords > -- > ---------- > Brian Coca > > -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-devel/f601a751-a88f-4788-b1ce-eebf9cfb4f58n%40googlegroups.com.
