semaphore icon indicating copy to clipboard operation
semaphore copied to clipboard
verified publisher icon semaphoreui

feat(be): Add Ansible Vault Password Client Script

Open Omicron7 opened this issue 1 year ago • 3 comments

This adds the ability to use Ansible Vault Password Client Script support for decrypting Ansible Vault. See https://docs.ansible.com/ansible/latest/vault_guide/vault_managing_passwords.html#storing-passwords-in-third-party-tools-with-vault-password-client-scripts

Script name must end in -client excluding the extension. Vault Passwords were switched from using --ask-vault-pass to --vault-id=@prompt. Client Scripts and Passwords were tested locally and are functioning properly.

The combination of this Pull Request and #2392 will allow specifying multiple Client Scripts or a combination of Client Scripts and Passwords.

This is the same as #2360 but rebased on develop.

Fixes #2359

Omicron7 avatar Oct 07 '24 13:10 Omicron7

Hi @Omicron7

I don't think that storing script file name in the secret is a right approach.

I think we can extend TemplateVault model and add fields type (with values secret or script) and script_filename to it.

fiftin avatar Oct 11 '24 15:10 fiftin

I don't think that storing script file name in the secret is a right approach.

@fiftin Makes sense. When I first implemented this, TemplateVault didn't exist yet. I'll work on refactoring this.

Omicron7 avatar Oct 11 '24 15:10 Omicron7

@Omicron7 Thanks a lot!

fiftin avatar Oct 11 '24 15:10 fiftin

@fiftin This should be good to go. I moved all of the functionality from AccessKey to TemplateVault. Not sure why Codacy check is giving me issues again.

Omicron7 avatar Oct 22 '24 20:10 Omicron7

Thank you! Will review ASAP. Codacy doesn't like SQL migrations. I don't know how to disable this check.

fiftin avatar Oct 27 '24 11:10 fiftin

Hey @fiftin 👋 Is there a plan when this feature will be released? 🤔 v2.10.35 does not contain this fix, right?

niklasweimann avatar Nov 05 '24 14:11 niklasweimann