It's to be used outside of ansible, to help change vaulted vars more easily for users. I'll look at your snippet and see if I can make it work for me, I was trying to avoid running `ansible-vault` using pure python. On Wednesday, August 31, 2022 at 7:55:07 PM UTC+2 uto...@gmail.com wrote:
> It isn't clear whether you're trying to do this inside or outside of > Ansible. If outside, you can have your python script call ansible-vault and > pass the data you want to encrypt or decrypt via stdin/stdout. I got this > working in > > https://gist.github.com/utoddl/66baa4154618ba1fc8ec8127483e7e89 > > which is a filter I can pass a subset of yaml data through from $EDITOR, > and it will decrypt encrypted values, or decrypt encrypted values. It > preserves the original yaml's indentation, so greatly simplifies > maintenance of secrets in otherwise readable vars files. (ToDo: It doesn't > preserve comments.) You should be able to adapt it for your purposes. > Here's the blurb from the top of that gist: > > """Filter for "ansible-vault"ing YAML Data Values > > This script allows an ansible user to pass lines of yaml data > through it to get string values vaulted and/or already-vaulted values > unvaulted, thus simplifying the maintenance of vaulted strings in > Ansible vars files and eliminating the need to vault entire files. > > It takes a single optional positional argument, which is the > Ansible vault identity to use for encryption. This defaults to the > value of the ANSIBLE_VAULT_IDENTITY environment variable. If any > encryption is performed, either the environment variable or the > positional parameter must be provided. (Values from any ansible.cfg > files are insufficient.) """ > > On Wednesday, August 31, 2022 at 10:51:46 AM UTC-4 bc...@redhat.com wrote: > >> Modules should not have direct access to vault secrets, but you can >> provide them to module options via the unvault/vault filters: (last >> ones in section) >> >> >> https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#hashing-and-encrypting-strings-and-passwords >> -- >> ---------- >> Brian Coca >> >> -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-devel/80c79560-a9fa-41c4-87b4-068175f6e0f5n%40googlegroups.com.
