42 lines
1.3 KiB
Bash
42 lines
1.3 KiB
Bash
|
#!/bin/bash
|
||
|
|
|
||
|
|
# If number of arguments is 0
|
||
|
|
if [ $# -eq 0 ]
|
||
|
|
then
|
||
|
|
echo "This script will encrypt of decrypt all files containing secrets."
|
||
|
|
echo "There are all files in vars as well as all secrets.yaml files under each service."
|
||
|
|
echo "Specify 'decrypt' or 'encrypt' as argument"
|
||
|
|
echo "If you put the vault password in a password file named .vault_password, the script will not ask for a password."
|
||
|
|
exit 1
|
||
|
|
fi
|
||
|
|
|
||
|
|
files=`find . \( -type d -name 'group_vars' -o -name 'vars' \) -exec find {} -type f \;`
|
||
|
|
|
||
|
|
# password_type=--ask-vault-password
|
||
|
|
# if [ -f "~/.vault_password.txt" ]
|
||
|
|
# then
|
||
|
|
# if [ `stat -c %a ~/.vault_password.txt` != "600" ]
|
||
|
|
# then
|
||
|
|
# echo "~/.vault_password.txt file has bad permissions; fixing this to 600"
|
||
|
|
# chmod 600 ~/.vault_password.txt
|
||
|
|
# fi
|
||
|
|
# password_type="--vault-password-file=~/.vault_password.txt"
|
||
|
|
# fi
|
||
|
|
|
||
|
|
if [ $1 == "encrypt" ]
|
||
|
|
then
|
||
|
|
ansible-vault encrypt --vault-password-file=~/.vault_password.txt $files
|
||
|
|
for value in $files; do
|
||
|
|
echo $value;
|
||
|
|
done
|
||
|
|
|
||
|
|
elif [ $1 == "decrypt" ]
|
||
|
|
then
|
||
|
|
ansible-vault decrypt --vault-password-file=~/.vault_password.txt $files
|
||
|
|
for value in $files; do
|
||
|
|
echo $value;
|
||
|
|
done
|
||
|
|
else
|
||
|
|
echo "Wrong argument supplied. Run without arguments to see allowed ones."
|
||
|
|
fi
|