Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env bash
- function usage(){
- echo "Usage:"
- echo " $(basename $0) path/to/keyvault.yml 'thepassword'"
- }
- function encrypt(){
- ansible-vault encrypt_string $1 --vault-password-file <(echo $2) | grep -v "Encryption successful"
- }
- [ $# -ne 2 ] && usage && exit;
- [ ! -f $1 ] && echo "$file not found!" && exit
- file=$(realpath $1)
- password=$2
- if [[ $file =~ "[decrypted]" ]]; then
- outfile="${file%%\[decrypted\]*}.${file##*.}"
- else
- outfile="$file"
- fi
- yamllint -d "{rules: {line-length: disable}}" "$file"
- [ $? -ne 0 ] && echo Failed! && exit
- tmpfile=$(mktemp)
- item=''
- s='[[:space:]]*' w='[a-zA-Z0-9_]*' c='^[[:space:]]*#'
- IFS=''
- while read -r line; do
- if [[ ! $line =~ $c ]] && [[ $line =~ $w: ]]; then
- var=$(echo $line | sed "s|^\($s.*\):.*|\1|")
- if [[ ! $var =~ ^$s$w$ ]]; then
- echo "Invalid character(s) used in secret name! (valid: a-zA-Z0-9_.)"
- echo ">> [$item$(echo $var | xargs)]"
- exit 1
- elif [[ $var =~ ^$w$ ]]; then
- item=''
- fi
- val=$(echo $line | sed "s|^$s.*:$s\(.*\)$s\$|\1|")
- if [[ -z $val ]]; then
- echo -e "$line" >> $tmpfile
- item+=$var.
- else
- echo -e "$var: $(encrypt $val $password)" >> $tmpfile
- echo ">> [$item$(echo $var | xargs)]"
- fi
- else
- echo -e "$line" >> $tmpfile
- fi
- done <$file
- mv "$tmpfile" "$outfile"
Add Comment
Please, Sign In to add comment
