Ansible-vault encrypt; return value if already encrypted

DengelFred · August 4, 2024, 9:02pm

Hello,

I would like to run the encryption of some files automatically during git commit.
Unfortunately ansible-vault returns an error if the files are already encrypted, but this is obviously not an error, it’s the expected state.
But I need a return value of 0 (even if the files are already encrypted) in order to run it during the pre-commit checks.
Any Idea how to do that?

Thanks a lot
Thomas

bcoca · August 5, 2024, 2:31pm

No, not currently, but you can ‘skip’ those files if you use the ‘vault_encrypted’ test:

- shell: ansible-vault .... {{ item}}
  when: '{{ lookup("file", item) is not vault_encrypted}}'
  loop: ' {{ myfiles}}'

DengelFred · August 6, 2024, 3:52pm

Thanks a lot!
I need this in a shell script (git hook) - Is there such a test for the shell as well?

bcoca · August 6, 2024, 4:10pm

adding a ‘vaulted file test’ Add vaulted_file test by bcoca · Pull Request #83717 · ansible/ansible · GitHub

But to test from shell, use ansible? just have a playbook with an assert and have it pass/fail as needed

Topic		Replies	Views
Syntax check without vault passwords Get Help ansible-lint	3	170	December 11, 2023
Is `--vault-password-file` on demand, does the script get executed every time an encrypted file is loaded, or just once at the start? Get Help	2	182	November 10, 2023
References for using Ansible-Vault's APIs in a Python script Get Help ansible-vault	4	176	May 8, 2024
Facilitate ansible-vaulting of variables from within text editors Project Discussions ansible-vault , yaml	0	233	November 22, 2023
Accessing encrypted configuration values with a plugin Get Help config , plugin , ansible-vault	5	36	November 1, 2024

Ansible-vault encrypt; return value if already encrypted

Related topics