
Ansible vault encrypt/decrypt shell script

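#!/usr/bin/env bash
#
# Encrypt or decrypt Ansible vault files, taking the vault password from the
# PASSWORD environment variable or, when that is empty, from a terminal prompt.
#
# Usage:
#   ./vault.sh encrypt
#   ./vault.sh decrypt
#   ./vault.sh encrypt /full/path/to/file.yml
#
# With no file argument every group_vars/prod/*.yml file (relative to this
# script's directory) is processed. A file argument should be a full path,
# because the script changes into its own directory before using it.
#
# Decrypting FILE writes the plaintext to FILE.decrypted; encrypting reads
# FILE.decrypted and writes the ciphertext to FILE. The *.decrypted files hold
# secrets in clear text: keep them out of version control and delete them once
# they are no longer needed.

set -euo pipefail

cd -- "$(dirname -- "$0")"

# ${PASSWORD-} keeps `set -u` from aborting when the variable is not exported.
if [ -z "${PASSWORD-}" ]; then
    # -s disables terminal echo; -r stops read from eating backslashes that
    # are part of the password.
    read -r -s -p "Enter Password: " PASSWORD
fi

# ansible-vault takes the password from a file. Register the cleanup before
# the file exists so it is removed on every exit path, including an
# ansible-vault failure that makes `set -e` stop the script mid-loop.
VAULT_PASSWORD_FILE=
cleanup() {
    if [ -n "${VAULT_PASSWORD_FILE}" ]; then
        rm -f -- "${VAULT_PASSWORD_FILE}"
    fi
}
trap cleanup EXIT

# mktemp gives an unpredictable name and a file only its owner can read,
# instead of a fixed file created under the caller's umask in the repository.
VAULT_PASSWORD_FILE=$(mktemp)
# printf, not echo: a password such as "-n" or "-e" must be written literally.
printf '%s\n' "${PASSWORD}" > "${VAULT_PASSWORD_FILE}"

# ${1-} lets the decrypt default apply when the script is run without arguments.
ACTION=decrypt
if [ -n "${1-}" ]; then
    ACTION="$1"
fi

# Every action other than "encrypt" has always meant decrypt. That is kept for
# compatibility, but a mistyped action now says so on stderr, because the
# result is plaintext secrets written to disk.
case "${ACTION}" in
    encrypt | decrypt) ;;
    *) printf 'vault.sh: unknown action "%s", treating it as decrypt\n' "${ACTION}" >&2 ;;
esac

FILES=(group_vars/prod/*.yml)
if [ -n "${2-}" ]; then
    FILES=("$2")
fi

for FILE in "${FILES[@]}"; do
    if [ "${ACTION}" = "encrypt" ]; then
        echo "Encrypting ${FILE}"
        ansible-vault encrypt "${FILE}.decrypted" --output="${FILE}" --vault-password-file "${VAULT_PASSWORD_FILE}"
    else
        echo "Decrypting ${FILE}"
        ansible-vault decrypt "${FILE}" --output="${FILE}.decrypted" --vault-password-file "${VAULT_PASSWORD_FILE}"
    fi
done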