ucomesdag

decryptAnsibleVault.sh

Mar 26th, 2022 (edited)
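#!/usr/bin/env bash
#
# decryptAnsibleVault.sh - write a copy of an Ansible vars file in which the
# values have been resolved (and vault-encrypted values decrypted) by Ansible.
#
# Usage:
#   decryptAnsibleVault.sh path/to/keyvault.yml 'thepassword'
#
# How it works:
#   1. The vars file is rewritten into a Jinja2 template: every "key: value"
#      line becomes "key: {{ dotted.path.key }}"; keys with no inline value,
#      blank lines and comment lines containing a colon are copied as-is.
#   2. A throwaway localhost playbook loads the original file with
#      include_vars (using the supplied vault password) and renders the
#      template to "<name>[decrypted].<ext>" next to the input file.
#
# Security notes:
#   * The password arrives on argv, so it is visible in the process list and
#     in shell history while/after the script runs. It is handed to
#     ansible-playbook through a process substitution, never written to disk.
#   * The output file contains the secrets in clear text; it is written with
#     mode 0600 and should be removed once it is no longer needed.

# Print the command-line synopsis.
function usage() {
  echo "Usage:"
  echo "  ${0##*/} path/to/keyvault.yml 'thepassword'"
}

# Emit $1 as a single-quoted YAML scalar (embedded ' doubled) so that paths
# containing spaces, '#', ': ' or quotes cannot break the generated playbook.
function yaml_quote() {
  local q="'"
  printf "'%s'" "${1//$q/$q$q}"
}

# Argument validation. Misuse exits non-zero so callers can detect it.
if [[ $# -ne 2 ]]; then
  usage >&2
  exit 1
fi
if [[ ! -f $1 ]]; then
  # Report the argument itself: $file is not assigned yet at this point.
  echo "$1 not found!" >&2
  exit 1
fi

file=$(realpath -- "$1")
password=$2
outfile="${file%.*}[decrypted].${file##*.}"

tmpfile=$(mktemp) || {
  echo "mktemp failed" >&2
  exit 1
}
# Remove the intermediate template on every exit path, including failure.
trap 'rm -f -- "$tmpfile"' EXIT

item=''    # dotted prefix of the enclosing keys, e.g. "parent."
skip=false # true while inside the continuation lines of a "key: value" entry
s='[[:space:]]*' w='[a-zA-Z0-9_\.]*' c='^[[:space:]]*#'

# NOTE(review): item is reset only when a top-level key is seen, and key/value
# are split at the last colon on the line -- sibling nested mappings and
# values containing ':' look unsupported; confirm against real vars files.
while IFS= read -r line || [[ -n $line ]]; do
  # A blank line or any line containing a colon ends the current entry.
  if [[ -z "${line// }" ]] || [[ $line =~ $w: ]]; then
    skip=false
  fi
  if [[ ! $line =~ $c ]] && [[ $line =~ $w: ]]; then
    # Non-comment "key:" line; following colon-less lines (e.g. a vault
    # payload) are dropped until the next entry starts.
    skip=true
    var=$(printf '%s\n' "$line" | sed "s|^\($s.*\):.*|\1|")
    val=$(printf '%s\n' "$line" | sed "s|^$s.*:$s\(.*\)$s\$|\1|")
    if [[ $var =~ ^$w$ ]]; then
      # Key without leading indentation: start a new top-level path.
      item=''
    fi
    if [[ -z $val ]]; then
      # Mapping header: keep the line and extend the dotted path.
      printf '%s\n' "$line" >>"$tmpfile"
      item+=$var.
    else
      # Leaf: replace the value with a Jinja2 lookup of the loaded variable.
      # xargs trims the indentation from the key for the lookup expression.
      printf '%s: {{ %s%s }}\n' "$var" "$item" \
        "$(printf '%s\n' "$var" | xargs)" >>"$tmpfile"
    fi
  elif [[ $skip == false ]]; then
    # Copy verbatim (printf, not echo -e, so backslashes are not rewritten).
    printf '%s\n' "$line" >>"$tmpfile"
  fi
done <"$file"

# Playbook keys are indented consistently so the document parses as YAML.
playbook="---
- hosts: localhost
  gather_facts: no
  tasks:
    - include_vars: $(yaml_quote "$file")
    - template:
        src: $(yaml_quote "$tmpfile")
        dest: $(yaml_quote "$outfile")
        mode: '0600'
"

# Output is discarded as in the original; on failure only "Failed!" is shown.
if ! ansible-playbook \
  --vault-password-file <(printf '%s\n' "$password") \
  <(printf '%s' "$playbook") >/dev/null 2>&1; then
  echo 'Failed!' >&2
  exit 1
fi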