python-ansible-vault-rotate
Advanced Python CLI to rotate the secret used for ansible vault inline secrets and files in a project
Features
- Reencrypt vault files
- Reencrypt inline vaulted secrets
Installation
It is strongly recommended to use pipx instead of pip if possible:
pipx install ansible-vault-rotate
Otherwise you can also use plain pip, but be warned that this might collide with your global ansible installation!
pip install ansible-vault-rotate
Usage
Rekey given vault secret with new secret specified on CLI
ansible-vault-rotate --old-vault-secret-source file://my-vault-password \
--new-vault-secret-source my-new-secret \
--update-source-secret
Rekey only specific files (e.g. when using multiple keys per stage)
ansible-vault-rotate --old-vault-secret-source file://my-vault-password-<stage> \
--new-vault-secret-source my-new-secret \
--file-glob-pattern 'group_vars/<stage>/*.yml' \
--update-source-secret
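Before a per-stage rekey it helps to list which vault files and inline secrets a glob pattern actually covers, and which vault-id label each one carries. The script below is an added example, not part of ansible-vault-rotate: the function names and the sample tree are constructed, and it assumes the tool's pattern matching behaves like pathlib's glob.

```python
import re
import tempfile
from pathlib import Path

# Envelope header written by ansible-vault:
#   $ANSIBLE_VAULT;<format version>;<cipher>[;<vault-id label>]
HEADER = re.compile(r"\$ANSIBLE_VAULT;(\d\.\d);(\w+)(?:;(\S+))?")
# "key: !vault |" opens an inline secret; its header sits on the next line.
INLINE = re.compile(r"^\s*(?:-\s*)?([\w.-]+):\s*!vault\s*\|")


def inventory(root, pattern):
    """List (path, kind, key, vault_id) for vaulted content matching pattern."""
    root, found = Path(root), []
    for path in sorted(root.glob(pattern)):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        lines = path.read_text(errors="replace").splitlines()
        head = HEADER.match(lines[0]) if lines else None
        if head:  # the whole file is one vault envelope
            found.append((rel, "file", None, head.group(3)))
            continue
        key = None
        for line in lines:
            head = HEADER.match(line.strip())
            if key and head:  # header directly after a "!vault |" tag
                found.append((rel, "inline", key, head.group(3)))
            tag = INLINE.match(line)
            key = tag.group(1) if tag else None
    return found


def build_sample(root):
    """Constructed project tree; the hex payloads are fake, not real ciphertext."""
    files = {
        "group_vars/prod/secrets.yml": "$ANSIBLE_VAULT;1.2;AES256;prod\n3962613564\n",
        "group_vars/prod/vars.yml": "db_user: app\ndb_password: !vault |\n"
                                    "  $ANSIBLE_VAULT;1.1;AES256\n  6535383739\n",
        "group_vars/dev/vars.yml": "db_user: app\n",
    }
    for name, text in files.items():
        target = Path(root) / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for row in inventory(tmp, "group_vars/prod/*.yml"):
            print(row)
```

Running the same inventory before and after a rotation shows whether any vaulted file under a stage fell outside the pattern and is still encrypted with the old secret.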
Getting help about all args
ansible-vault-rotate --help
Development
For development, you will need:
- Python 3.9 or greater
- Poetry
Install
poetry install
Run tests
poetry run pytest