atom-ansible-vault
atom-ansible-vault copied to clipboard
Bulk decrypt all files in project
Would be great to bulk decrypt all vaulted files in project to allow global searching.
As per the Ansible Vault documentation, you can run
ansible-vault decrypt foo.yml bar.yml baz.yml
So in the background, you could search for all ansible vault headers ($ANSIBLE_VAULT
) and decrypt at once.
Hi, i think that bulk decryption is not very useful, but the possibility to search in vaulted files is fundamental. In this moment i'm developing in other branch this functionality.
In addition, on my first analisys, i found that the bulk decryption could add any problems to manage bulk re-encryption, so i opted to implement search funcionality.
Any news on the global searching?
I did try on a branch some changes, but nothing concrete! If you want create a PR, i will appreciate it! :+1:
I want to be able to use Atom's find in project on the encrypted data so I can match variables with secrets. Not sure about the workflow. What do you think?
Decrypt:
- find all files in project that start with
$ANSIBLE_VAULT;
- decrypt them all using the vault password, saving the paths in a temporary file
Encrypt:
- open temporary file, read all file paths
- encrypt all files with the vault password
- remove temporary file
Hooking into the 'find in project' so that it runs an ansible-vault view
as it visits each file is beyond my ability and possibly slow.
I think that you are right! Using ansible-vault view on the fly introduces a very large lag on 'find in project'. you did propose steps that i consider good.
In my mind i figured the process in this way:
- hooking 'find in project' call
- find all file that start with $ANSIBLE_VAULT string
- decrypt those files and save path in temporary file
- return control to 'find in project' function
- hooking the end of search
- re-encrypt all included files in temporary file
I needed this functionality and wrote a quick&dirty script that does the above without involving Atom: https://github.com/aioue/pilfer
@sydro if you think the logic can be be adapted into atom-ansible-vault
, I'd be happy to help test. My coding is good enough to make a PR for you.