mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-08-04 21:24:24 -07:00
Before decrypting check if vault password is set or error early
Fixes #8926
This commit is contained in:
parent
5850467bc1
commit
9d45f3a65e
1 changed files with 5 additions and 0 deletions
|
@ -738,6 +738,11 @@ def parse_yaml_from_file(path, vault_password=None):
|
||||||
|
|
||||||
vault = VaultLib(password=vault_password)
|
vault = VaultLib(password=vault_password)
|
||||||
if vault.is_encrypted(data):
|
if vault.is_encrypted(data):
|
||||||
|
# if the file is encrypted and no password was specified,
|
||||||
|
# the decrypt call would throw an error, but we check first
|
||||||
|
# since the decrypt function doesn't know the file name
|
||||||
|
if vault_password is None:
|
||||||
|
raise errors.AnsibleError("A vault password must be specified to decrypt %s" % path)
|
||||||
data = vault.decrypt(data)
|
data = vault.decrypt(data)
|
||||||
show_content = False
|
show_content = False
|
||||||
|
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue