Re: [ansible-devel] edit/create encrypted vars in python script (vault encrypt_string)

2022-09-06 Thread Todd Lewis
That is interesting. It's been several years since I could use a single ANSIBLE_VAULT_PASSWORD_FILE, and that shows in my solution. It may be trivial to adapt that post's technique to use ANSIBLE_VAULT_IDENTITY_LIST and ANSIBLE_VAULT_IDENTITY if they are available and avoid `ansible-vault`'s st

Re: [ansible-devel] edit/create encrypted vars in python script (vault encrypt_string)

2022-09-05 Thread Jonathan Renon
Hello, I've found a post explaining a way to encrypt using VaultLib from ansible.parsing.vault, using encrypt method and then recreate the flag format of encrypt_string using pyyaml module. On Thursday, September 1, 2022 at 12:57:10 PM UTC

Re: [ansible-devel] edit/create encrypted vars in python script (vault encrypt_string)

2022-09-01 Thread Todd Lewis
Sounds like we're both addressing the same issue. I've included below our internal docs for using this filter. It addresses vim, but any editor that can pass a subset of lines through a filter should be able to use it. It's simpler to write your YAML variable definitions and values as you nor

Re: [ansible-devel] edit/create encrypted vars in python script (vault encrypt_string)

2022-09-01 Thread Jonathan Renon
It's to be used outside of ansible, to help change vaulted vars more easily for users. I'll look at your snippet and see if I can make it work for me, I was trying to avoid running `ansible-vault` using pure python. On Wednesday, August 31, 2022 at 7:55:07 PM UTC+2 uto...@gmail.com wrote: > It i

Re: [ansible-devel] edit/create encrypted vars in python script (vault encrypt_string)

2022-08-31 Thread Todd Lewis
It isn't clear whether you're trying to do this inside or outside of Ansible. If outside, you can have your python script call ansible-vault and pass the data you want to encrypt or decrypt via stdin/stdout. I got this working in https://gist.github.com/utoddl/66baa4154618ba1fc8ec8127483e7e89

Re: [ansible-devel] edit/create encrypted vars in python script (vault encrypt_string)

2022-08-31 Thread Brian Coca
Modules should not have direct access to vault secrets, but you can provide them to module options via the unvault/vault filters: (last ones in section) https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#hashing-and-encrypting-strings-and-passwords -- -- Brian Coca

[ansible-devel] edit/create encrypted vars in python script (vault encrypt_string)

2022-08-31 Thread Jonathan Renon
Hello, I was wondering if there was any method exposed to create/modify `encrypted string` using ansible python module in a python script. I was able to read and display `encrypted vars` value using ansible.parsing.dataloade, but I can't figure a way to create a new vault encrypted var. TL;DR: