Giters

apenella / go-ansible

Go-ansible is a Go package that enables the execution of ansible-playbook or ansible commands directly from Golang applications. It supports a wide range of options for each command, enabling smooth integration of Ansible functionality into your projects.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Generate vaulted extra-vars

apenella opened this issue · comments

commented

Generate vaulted extra-vars

That feature intends to solve the problem of how to pass to vaulted variables through extra-vars.
Ansible can read vaulted variables from a file however it does not provide a straightforward solution to pass vaulted data through an extra-vars.

To achieve that you need to generate an encrypted string and prepare a JSON with the ansible-vault result. That JSON can be passed as an extra-var.

Here you have an example of that JSONed vaulted variable.

{
  "secret_var_name": {
    "__ansible_vault": "$ANSIBLE_VAULT;1.2;AES256; VAULTED_DATA"
  }
}

The proposal is to add a method with that signature:

AddVaultedExtraVar(string var_name,  var_plain_value) string

Which returns the extra-var parameter having a variable vaulted in JSON format:

--extra-var '{ "secret_var_name": {"__ansible_vault": "$ANSIBLE_VAULT;1.2;AES256;VAULTED_DATA"}}

How to achieve the vault string

The AnsiblePlaybookCmd and AnsibleAdhocCmd would need a vault generator that could accept multi-password readers: such as text, file or environment variables.

The library https://github.com/sosedoff/ansible-vault-go can be used to achieve that.