
Ansible vault encrypt/decrypt shell script

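#!/usr/bin/env bash
#
# Encrypt or decrypt Ansible vault files with a single vault password.
#
# Usage:
#   ./vault.sh encrypt
#   ./vault.sh decrypt
#   ./vault.sh encrypt /full/path/to/file.yml
#
# With no action the script decrypts. With no file argument it works on every
# group_vars/prod/*.yml next to the script.
#
# decrypt writes the plaintext to "<file>.decrypted"; encrypt reads
# "<file>.decrypted" and writes the ciphertext back to "<file>". This script
# never deletes the ".decrypted" files, so keep them out of version control
# and remove them once they are no longer needed.

set -euo pipefail

# The relative paths below are resolved from the script's own directory, which
# is why a file passed as $2 should be given as an absolute path.
cd -- "$(dirname -- "$0")"

# NOTE(review): the name of the password variable did not survive in the
# published listing; VAULT_PASSWORD is the name chosen for this reconstruction.
# Preset it in the environment to skip the prompt.
if [ -z "${VAULT_PASSWORD-}" ]; then
    read -r -s -p "Enter vault password: " VAULT_PASSWORD
    # read -s swallows the Enter key, so finish the prompt line ourselves.
    echo >&2
fi

# ansible-vault takes the password from a file. Use a private temp file
# (mktemp creates it readable by the owner only) instead of a fixed name inside
# the repository, and remove it on every exit path: under `set -e` a failing
# ansible-vault call would otherwise leave the password on disk.
VAULT_FILE=$(mktemp)
cleanup() {
    rm -f -- "${VAULT_FILE}"
}
trap cleanup EXIT

printf '%s\n' "${VAULT_PASSWORD}" > "${VAULT_FILE}"
# Child processes have no need for the password in their environment.
unset VAULT_PASSWORD

# ${1:-decrypt} rather than "$1": under `set -u` a bare $1 aborts the script
# when no argument is given, which defeated the documented default.
ACTION="${1:-decrypt}"
case "${ACTION}" in
    encrypt|decrypt) ;;
    # Anything that is not "encrypt" has always meant decrypt; keep that, but
    # say so, because a mistyped action writes plaintext secrets to disk.
    *) echo "Unrecognised action '${ACTION}', decrypting" >&2 ;;
esac

FILES=(group_vars/prod/*.yml)
if [ -n "${2-}" ]; then
    FILES=("$2")
fi

for FILE in "${FILES[@]}"; do
    if [ "${ACTION}" = "encrypt" ]; then
        echo "Encrypting ${FILE}"
        ansible-vault encrypt "${FILE}.decrypted" --output="${FILE}" --vault-password-file "${VAULT_FILE}"
    else
        echo "Decrypting ${FILE}"
        ansible-vault decrypt "${FILE}" --output="${FILE}.decrypted" --vault-password-file "${VAULT_FILE}"
    fi
done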