fscotto/infra
1
0
Fork 0
mirror of https://github.com/fscotto/infra.git synced 2026-05-30 15:39:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Prefer encrypted local Ansible vault password

Browse Source
This commit is contained in:
Fabio Scotto di Santolo
2026-04-03 10:54:48 +02:00
parent cf56aeb53d
commit cfc55af097
3 changed files with 20 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
scripts/vault_password_client.sh
View File

@@ -4,8 +4,23 @@ set -eu
script_dir=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)
repo_root=$(CDPATH= cd -- "$script_dir/.." && pwd)
vault_pass_gpg_file="$repo_root/secrets/.vault_pass.gpg"
vault_pass_file="$repo_root/secrets/.vault_pass"
if [ -r "$vault_pass_gpg_file" ]; then
if ! command -v gpg >/dev/null 2>&1; then
printf '%s\n' "Encrypted vault password file found at $vault_pass_gpg_file but gpg is not installed." >&2
exit 1
fi
if ! gpg --quiet --batch --decrypt "$vault_pass_gpg_file"; then
printf '%s\n' "Failed to decrypt vault password file at $vault_pass_gpg_file." >&2
exit 1
fi
exit 0
fi
if [ -r "$vault_pass_file" ]; then
IFS= read -r password < "$vault_pass_file" || password=''
printf '%s' "$password"
@@ -22,5 +37,5 @@ if [ -t 0 ]; then
exit 0
fi
printf '%s\n' "Vault password file not found at $vault_pass_file and no interactive TTY is available." >&2
printf '%s\n' "Vault password files not found at $vault_pass_gpg_file or $vault_pass_file and no interactive TTY is available." >&2
exit 1