ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-23 21:30:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

add option to ansible-vault to read new password from file for rekey

Browse source 
The --new-vault-password-file option works the same as
--vault-password-file but applies only to rekeying (when
--vault-password-file sets the old password). Also update the manpage
to document these options more fully.
This commit is contained in:
Richard Poole 2015-07-28 10:48:57 +01:00 committed by Abhijit Menon-Sen
commit 3090a45891
4 changed files with 31 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

10
lib/ansible/cli/vault.py
View file

@ -77,6 +77,10 @@ class VaultCLI(CLI):
else:
self.vault_pass, _= self.ask_vault_passwords(ask_vault_pass=True, ask_new_vault_pass=False, confirm_new=False)
if self.options.new_vault_password_file:
# for rekey only
self.new_vault_pass = CLI.read_vault_password_file(self.options.new_vault_password_file)
if not self.vault_pass:
raise AnsibleOptionsError("A password is required to use Ansible's Vault")
@ -125,7 +129,11 @@ class VaultCLI(CLI):
for f in self.args:
if not (os.path.isfile(f)):
raise AnsibleError(f + " does not exist")
__, new_password = self.ask_vault_passwords(ask_vault_pass=False, ask_new_vault_pass=True, confirm_new=True)
if self.new_vault_pass:
new_password = self.new_vault_pass
else:
__, new_password = self.ask_vault_passwords(ask_vault_pass=False, ask_new_vault_pass=True, confirm_new=True)
for f in self.args:
this_editor = VaultEditor(None, self.vault_pass, f)