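#!/usr/bin/env bash
# SPDX-FileCopyrightText: 2023 Max Mehl
#
# SPDX-License-Identifier: Apache-2.0

# Thin wrapper around ansible-vault / ansible for encrypting and decrypting
# strings and files.
#
# Usage:
#   ansible-vault-tools encrypt-string <string>
#   ansible-vault-tools decrypt-string <host> <variable>
#   ansible-vault-tools encrypt-file <file>
#   ansible-vault-tools decrypt-file <file>
#
# Security notes for operators:
#   - encrypt-string receives the plaintext as a command-line argument, so it
#     is visible in the process list and may be stored in shell history.
#   - decrypt-string prints the decrypted value to stdout; avoid running it
#     where stdout is logged or captured by CI.
#   - decrypt-file makes ansible-vault rewrite the file in place as plaintext.
#
# Exit status: 0 on success, 1 on usage errors, otherwise the status of the
# failing ansible / ansible-vault / jq call.

# Print the usage text to stderr.
usage() {
  {
    echo "Usage:"
    echo "ansible-vault-tools encrypt-string <string>"
    echo "ansible-vault-tools decrypt-string <host> <variable>"
    echo ""
    echo "ansible-vault-tools encrypt-file <file>"
    echo "ansible-vault-tools decrypt-file <file>"
  } >&2
}

# Report a usage error ($1 = message) and exit with status 1.
usage_error() {
  echo "$1" >&2
  echo "" >&2
  usage
  exit 1
}

CMD=${1:-}

# Encrypt string
if [[ $CMD == "encrypt-string" ]]; then
  (( $# >= 2 )) || usage_error "Missing argument: <string>"
  pass=$2

  # printf instead of echo -n: echo would mangle values such as "-n" or "-e".
  # stderr is discarded because ansible-vault prints its "reading from stdin"
  # prompt there; the exit status is checked so a real failure is not
  # silently turned into an empty result.
  if ! vaultpw=$(printf '%s' "$pass" | ansible-vault encrypt_string 2> /dev/null); then
    rc=$?
    echo "Error: ansible-vault encrypt_string failed (exit status $rc)." >&2
    echo "Re-run 'ansible-vault encrypt_string' directly to see the error output." >&2
    exit "$rc"
  fi
  printf '%s\n' "$vaultpw"

# Decrypt string
elif [[ $CMD == "decrypt-string" ]]; then
  (( $# >= 3 )) || usage_error "Missing argument(s): <host> <variable>"
  host=$2
  var=$3

  # Ask ansible to render the variable through the debug module and return
  # the result as JSON.
  # NOTE(review): $var is spliced into a Jinja2 expression that Ansible
  # evaluates, so it must only ever be a trusted variable name, never
  # unreviewed external input.
  rc=0
  json=$(ANSIBLE_LOAD_CALLBACK_PLUGINS=1 ANSIBLE_STDOUT_CALLBACK=json \
    ansible "$host" -m debug -a "msg={{$var}}" 2> /dev/null) || rc=$?

  if [[ -z $json ]]; then
    echo "Error: ansible produced no output (exit status $rc)." >&2
    if (( rc == 0 )); then
      rc=1
    fi
    exit "$rc"
  fi

  # Parse JSON to just get the "msg"
  if ! vaultpw=$(jq -r ".plays[].tasks[].hosts[].msg" <<< "$json"); then
    echo "Error: could not parse the JSON returned by ansible." >&2
    exit 1
  fi
  printf '%s\n' "$vaultpw"

  # A failed task still yields a "msg" (the error text); keep printing it as
  # before, but make the failure visible through stderr and the exit status.
  if (( rc != 0 )); then
    echo "Warning: ansible exited with status $rc; the output may be an error message, not the variable's value." >&2
  fi
  exit "$rc"

# Encrypt file
elif [[ $CMD == "encrypt-file" ]]; then
  (( $# >= 2 )) || usage_error "Missing argument: <file>"
  file=$2
  # Propagate ansible-vault's exit status instead of always reporting success.
  ansible-vault encrypt "$file" || exit $?

# Decrypt file
elif [[ $CMD == "decrypt-file" ]]; then
  (( $# >= 2 )) || usage_error "Missing argument: <file>"
  file=$2
  # Propagate ansible-vault's exit status instead of always reporting success.
  ansible-vault decrypt "$file" || exit $?

else
  usage_error "Invalid command"
fi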