Using ansible-vault in "interactive mode" via bash script
Problem description
I really love using ansible-vault on the command-line to encrypt/decrypt files easily. For example, if I have a plaintext file called ~/fizzbuzz.foo with the following contents:
bupo
I can use this tool like so:
ansible-vault encrypt ~/fizzbuzz.foo
New Vault password: 123
Confirm New Vault password: 123
Boom -- encrypted! When I vi ~/fizzbuzz.foo now:
$ANSIBLE_VAULT;1.1;AES256
36663138613666623730653164333138343133383233313562363733346461663334393932393461
6535316532366130316237633633663565663366323162660a666630613738363035343663353132
33383530653235393431633231313765656135626538353163323366363039633836613265383332
3762666261326466370a643164393166346634343636346634383039356665646531353062303765
3734
I'd like to use this in a bash script where I pass the encryption/decryption password in as a script argument:
#!/bin/bash
# do some stuff
ansible-vault -i "bar" encrypt ~/fizzbuzz.foo
# do some more stuff
However, I don't see anything like an interactive (e.g. -i) argument/mode for ansible-vault. The best I could find was a way of using an env file for storing passwords for the ansible-playbook utility, but I played around with ansible-vault and couldn't find a similar behavior for it.
Any ideas?
Recommended answer
You need to create the vault password file first. Here is how:
openssl rand -base64 512 | xargs > vaultkeyfile
I am creating the vault file in the local directory, but you probably want to place it in another one, like ~/.ansible_vault/ for example.
Then to create/encrypt/decrypt the file, you use:
For a new file:
ansible-vault create testfile.txt --vault-password-file=vaultkeyfile
To encrypt an existing file:
ansible-vault encrypt testfile.txt --vault-password-file=vaultkeyfile
To decrypt:
ansible-vault decrypt testfile.txt --vault-password-file=vaultkeyfile
When executing the above, you will notice it doesn't ask for a password.
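One way to wrap the answer's --vault-password-file approach in a bash script, as an added example that is not part of the original question or answer. The function names and the key-file path are hypothetical; a key file keeps the password out of the script's arguments, where it would be visible in process listings, and the wrapper refuses a key file that other users can read.

```shell
#!/usr/bin/env bash
# Added example: helper functions for non-interactive ansible-vault use.
# Function names are hypothetical; they are not part of ansible.

# Create a random vault password file that only the owner can read.
new_vault_key() {
    local keyfile="$1"
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite $keyfile" >&2
        return 1
    fi
    (
        umask 077    # file is created 0600, never briefly readable by others
        if command -v openssl >/dev/null 2>&1; then
            openssl rand -base64 512 | xargs > "$keyfile"
        else
            # Assumption: fall back to /dev/urandom when openssl is absent
            head -c 512 /dev/urandom | base64 | xargs > "$keyfile"
        fi
    )
}

# True when the key file exists and has no group/other permission bits.
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True when the file starts with the vault header shown in the question.
is_vault_encrypted() {
    local first=""
    IFS= read -r first < "$1" || true
    case $first in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Encrypt without prompting; calling it twice on one file is harmless.
vault_encrypt_once() {
    local keyfile="$1" target="$2"
    if ! key_is_private "$keyfile"; then
        echo "key file $keyfile is missing or readable by others" >&2
        return 2
    fi
    if is_vault_encrypted "$target"; then
        echo "$target is already encrypted, skipping" >&2
        return 0
    fi
    ansible-vault encrypt "$target" --vault-password-file="$keyfile"
}
```

A script would call new_vault_key once, for example with ~/.ansible_vault/vaultkeyfile, and then vault_encrypt_once with that key file and ~/fizzbuzz.foo.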