在“交互模式"中使用ansible-Vault.通过bash脚本 [英] Using ansible-vault in "interactive mode" via bash script
问题描述
我真的很喜欢在命令行上使用 ansible-vault 轻松加密/解密文件.例如,如果我有一个名为〜/fizzbuzz.foo 的纯文本文件,其内容如下:
I really love using ansible-vault on the command-line to encrypt/decrypt files easily. For example if I have a plaintext file called ~/fizzbuzz.foo with the following contents:
bupo
我可以这样使用该工具:
I can use this tool like so:
ansible-vault encrypt ~/fizzbuzz.foo
New Vault password: 123
Confirm New Vault password: 123
Boom-加密!当我现在 vi〜/fizzbuzz.foo 时:
Boom -- encrypted! When I vi ~/fizzbuzz.foo now:
$ANSIBLE_VAULT;1.1;AES256
36663138613666623730653164333138343133383233313562363733346461663334393932393461
6535316532366130316237633633663565663366323162660a666630613738363035343663353132
33383530653235393431633231313765656135626538353163323366363039633836613265383332
3762666261326466370a643164393166346634343636346634383039356665646531353062303765
3734
我想在bash脚本中使用此密码,在该脚本中,我将加密/解密密码作为脚本参数传递进来:
I'd like to use this in a bash script where I pass the encryption/decryption password in as a script argument:
#!/bin/bash
# do some stuff
ansible-vault -i "bar" encrypt ~/fizzbuzz.foo
# do some more stuff
但是,我看不到 ansible-vault 的 interactive (例如 -i )参数/模式.我能找到的最好的是一种使用env文件用于存储 ansible-playbook 实用程序的密码,但是我玩过 ansible-vault ,却找不到类似的行为.
However I don't see anything like an interactive (e.g. -i) argument/mode for ansible-vault. The best I could find was a way of using an env file for storing passwords for the ansible-playbook utility but I played around with ansible-vault and couldn't find a similar behavior for it.
有什么想法吗?
推荐答案
您需要首先创建Vault密码文件,方法如下:
you need to create the vault password file first, here is how:
openssl rand -base64 512 | xargs>vaultkeyfile
我正在本地目录中创建Vault文件,但是您可能希望将其放置到另一个文件中,例如〜/.ansible_vault/.
i am creating the vault file at local directory, but probably you want to place it to another one, like ~/.ansible_vault/ for example.
然后使用以下命令创建/加密/解密文件:
then to create/encrypt/decrypt the file, you use:
对于新文件:
ansible-vault创建testfile.txt --vault-password-file = vaultkeyfile
用于加密现有文件:
ansible-vault加密testfile.txt --vault-password-file = vaultkeyfile
用于解密:
ansible-vault解密testfile.txt --vault-password-file = vaultkeyfile
执行上述操作时,您会发现它并没有要求输入密码.
when executing the above, you will notice it doesn't ask for password.
这篇关于在“交互模式"中使用ansible-Vault.通过bash脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
