Use multiple vault IDs with password files

2020-07-05 00:28:37 +05:00 · 2020-07-05 00:28:37 +05:00 · 8851a17a26
parent a51df26e2a
commit 8851a17a26
6 changed files with 30 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,7 @@
 /backups/*
 !/backups/.keep
 /playbooks/**/*.retry
+/secrets/*
+!/secrets/.keep
 /vendor/*
 !/vendor/.keep
--- a/ansible.cfg
+++ b/ansible.cfg
@ -1,5 +1,4 @@
 [defaults]
-ask_vault_pass = true
 inventory = hosts
 strategy = mitogen_linear
 strategy_plugins = vendor/mitogen-0.2.8/ansible_mitogen/plugins/strategy
--- a/bin/ansible
+++ b/bin/ansible
@ -0,0 +1,8 @@
+#!/bin/sh
+
+FILE=$(readlink -f "$0")
+DIR=$(dirname "$FILE")
+
+. "$DIR/extra_opts.sh"
+
+exec ansible "$@" $extra_opts
--- a/bin/ansible-playbook
+++ b/bin/ansible-playbook
@ -0,0 +1,8 @@
+#!/bin/sh
+
+FILE=$(readlink -f "$0")
+DIR=$(dirname "$FILE")
+
+. "$DIR/extra_opts.sh"
+
+exec ansible-playbook "$@" $extra_opts
--- a/bin/extra_opts.sh
+++ b/bin/extra_opts.sh
@ -0,0 +1,12 @@
+for vault_id in default kotovalexarian
+do
+  if [ -f "secrets/$vault_id" ]; then
+    if [ -z "$extra_opts" ]; then
+      extra_opts="--vault-id"
+    else
+      extra_opts="$extra_opts --vault-id"
+    fi
+
+    extra_opts="$extra_opts $vault_id@secrets/$vault_id"
+  fi
+done
--- a/secrets/.keep
+++ b/secrets/.keep