Initial Commit

vault.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# If number of arguments is 0
+if [ $# -eq 0 ]
+  then
+    echo "This script will encrypt of decrypt all files containing secrets."
+    echo "There are all files in vars as well as all secrets.yaml files under each service."
+    echo "Specify 'decrypt' or 'encrypt' as argument"
+    echo "If you put the vault password in a password file named .vault_password, the script will not ask for a password."
+    exit 1
+fi
+
+files=`find . \( -type d -name 'group_vars' -o -name 'vars' \) -exec find {} -type f \;`
+
+# password_type=--ask-vault-password
+# if [ -f "~/.vault_password.txt" ]
+#   then
+#     if [ `stat -c %a ~/.vault_password.txt` != "600" ]
+#       then
+#         echo "~/.vault_password.txt file has bad permissions; fixing this to 600"
+#         chmod 600 ~/.vault_password.txt
+#     fi
+#     password_type="--vault-password-file=~/.vault_password.txt"
+# fi
+
+if [ $1 == "encrypt" ]
+  then
+    ansible-vault encrypt --vault-password-file=~/.vault_password.txt $files
+    for value in $files; do
+        echo $value;
+    done
+
+elif [ $1 == "decrypt" ]
+  then
+    ansible-vault decrypt --vault-password-file=~/.vault_password.txt $files
+    for value in $files; do
+        echo $value;
+    done
+else
+    echo "Wrong argument supplied.  Run without arguments to see allowed ones."
+fi