Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python
- import sys
- from ansible.parsing.vault import PromptVaultSecret, VaultLib
- from ruamel.yaml import YAML
- old_secret = PromptVaultSecret(prompt_formats=["Old password: "])
- old_secret.load()
- new_secret = PromptVaultSecret(prompt_formats=["New password: "])
- new_secret.load()
- vl = VaultLib(secrets=[
- (None, old_secret)
- ])
- class VaultSecret:
- yaml_tag = u'!vault'
- def __init__(self, secret):
- self.secret = secret
- def __repr__(self):
- return '**SECRET**'
- @classmethod
- def to_yaml(cls, representer, node):
- assert isinstance(node, VaultSecret)
- return representer.represent_scalar(cls.yaml_tag, vl.encrypt(node.secret, new_secret).decode('utf-8'), style='|')
- @classmethod
- def from_yaml(cls, constructor, node):
- return VaultSecret(vl.decrypt(node.value))
- yaml = YAML()
- yaml.indent(mapping=2, sequence=4, offset=2)
- yaml.register_class(VaultSecret)
- with open(sys.argv[1], 'r') as orig:
- y = yaml.load(orig)
- with open(sys.argv[1], 'w') as dest:
- yaml.dump(y, dest)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement