atom-ansible-vault icon indicating copy to clipboard operation
atom-ansible-vault copied to clipboard

Published 20 hours ago verified publisher icon sydro

Bulk decrypt all files in project

Open aioue opened this issue 7 years ago • 8 comments

Would be great to bulk decrypt all vaulted files in project to allow global searching.

aioue avatar Aug 11 '16 07:08 aioue

As per the Ansible Vault documentation, you can run

ansible-vault decrypt foo.yml bar.yml baz.yml

So in the background, you could search for all ansible vault headers ($ANSIBLE_VAULT) and decrypt at once.

aioue avatar Oct 27 '16 10:10 aioue

Hi, i think that bulk decryption is not very useful, but the possibility to search in vaulted files is fundamental. In this moment i'm developing in other branch this functionality.

In addition, on my first analisys, i found that the bulk decryption could add any problems to manage bulk re-encryption, so i opted to implement search funcionality.

sydro avatar Nov 03 '16 15:11 sydro

Any news on the global searching?

aioue avatar Oct 05 '17 10:10 aioue

I did try on a branch some changes, but nothing concrete! If you want create a PR, i will appreciate it! :+1:

sydro avatar Oct 05 '17 13:10 sydro

I want to be able to use Atom's find in project on the encrypted data so I can match variables with secrets. Not sure about the workflow. What do you think?

Decrypt:

  • find all files in project that start with $ANSIBLE_VAULT;
  • decrypt them all using the vault password, saving the paths in a temporary file

Encrypt:

  • open temporary file, read all file paths
  • encrypt all files with the vault password
  • remove temporary file

Hooking into the 'find in project' so that it runs an ansible-vault view as it visits each file is beyond my ability and possibly slow.

aioue avatar Oct 06 '17 16:10 aioue

I think that you are right! Using ansible-vault view on the fly introduces a very large lag on 'find in project'. you did propose steps that i consider good.

In my mind i figured the process in this way:

  1. hooking 'find in project' call
  2. find all file that start with $ANSIBLE_VAULT string
  3. decrypt those files and save path in temporary file
  4. return control to 'find in project' function
  5. hooking the end of search
  6. re-encrypt all included files in temporary file

sydro avatar Oct 08 '17 08:10 sydro

I needed this functionality and wrote a quick&dirty script that does the above without involving Atom: https://github.com/aioue/pilfer

aioue avatar Sep 07 '18 16:09 aioue

@sydro if you think the logic can be be adapted into atom-ansible-vault, I'd be happy to help test. My coding is good enough to make a PR for you.

aioue avatar Sep 20 '18 13:09 aioue