ansible-vars 1.0.8__py3-none-any.whl → 1.0.10__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- ansible_vars/cli.py +29 -3
- {ansible_vars-1.0.8.dist-info → ansible_vars-1.0.10.dist-info}/METADATA +5 -1
- ansible_vars-1.0.10.dist-info/RECORD +12 -0
- ansible_vars-1.0.8.dist-info/RECORD +0 -12
- {ansible_vars-1.0.8.dist-info → ansible_vars-1.0.10.dist-info}/WHEEL +0 -0
- {ansible_vars-1.0.8.dist-info → ansible_vars-1.0.10.dist-info}/entry_points.txt +0 -0
- {ansible_vars-1.0.8.dist-info → ansible_vars-1.0.10.dist-info}/licenses/LICENSE +0 -0
ansible_vars/cli.py
CHANGED
|
@@ -134,6 +134,10 @@ Decrypt a string and return it or fully decrypt a file in-place. Uses the first
|
|
|
134
134
|
''',
|
|
135
135
|
'cmd_is_enc': '''
|
|
136
136
|
Check if a string or file is (fully) vault-encrypted.
|
|
137
|
+
''',
|
|
138
|
+
'cmd_rekey': '''
|
|
139
|
+
Update a vault's ciphers with a new encryption key and/or salt.
|
|
140
|
+
The key referenced by `--encryption-key|-K <identifier>` and/or the salt set by `--fixed-salt|-S <salt>` are used for re-encryption.
|
|
137
141
|
''',
|
|
138
142
|
'cmd_convert': '''
|
|
139
143
|
Switch a file between full outer and full inner encryption for convenient migrating between encryption schemes.
|
|
@@ -338,6 +342,13 @@ cmd_is_enc.add_argument('target', type=str, metavar='<vault path | string>', hel
|
|
|
338
342
|
.completer = _prefixed_path_completer # type: ignore
|
|
339
343
|
cmd_is_enc.add_argument('--quiet', '-q', action='store_true', help='no output, only set the rc to 0 if encrypted or 100 if unencrypted')
|
|
340
344
|
|
|
345
|
+
cmd_rekey = commands.add_parser(
|
|
346
|
+
'rekey', help='update a vault\'s encryption key (from -K) and/or salt (from -S)', description=HELP['cmd_rekey'],
|
|
347
|
+
formatter_class=RawDescriptionHelpFormatter
|
|
348
|
+
)
|
|
349
|
+
cmd_rekey.add_argument('vault_path', type=str, metavar='<vault path>', help='path of vault to rekey') \
|
|
350
|
+
.completer = _prefixed_path_completer # type: ignore
|
|
351
|
+
|
|
341
352
|
cmd_convert = commands.add_parser(
|
|
342
353
|
'convert', help='switch vault between outer (file) and inner (vars) encryption', description=HELP['cmd_convert'],
|
|
343
354
|
formatter_class=RawDescriptionHelpFormatter
|
|
@@ -765,12 +776,12 @@ if config.command == 'info':
|
|
|
765
776
|
if encrypted_leaves:
|
|
766
777
|
print('\n'.join([ f"- { format_key_path(key) }" for key in encrypted_leaves ]))
|
|
767
778
|
else:
|
|
768
|
-
print('
|
|
779
|
+
print('None', Color.MEH)
|
|
769
780
|
print('\nPlain leaf values:', Color.GOOD)
|
|
770
|
-
if
|
|
781
|
+
if plain_leaves:
|
|
771
782
|
print('\n'.join([ f"- { format_key_path(key) }" for key in plain_leaves ]))
|
|
772
783
|
else:
|
|
773
|
-
print('
|
|
784
|
+
print('None', Color.MEH)
|
|
774
785
|
|
|
775
786
|
# Encrypt & Decrypt & Is-Encrypted commands
|
|
776
787
|
|
|
@@ -832,6 +843,21 @@ if config.command in [ 'encrypt', 'decrypt', 'is-encrypted' ]:
|
|
|
832
843
|
else:
|
|
833
844
|
print(f"Value is { 'encrypted' if is_encrypted else 'plain' }.", Color.GOOD if is_encrypted else Color.MEH)
|
|
834
845
|
|
|
846
|
+
# Rekey command
|
|
847
|
+
|
|
848
|
+
if config.command == 'rekey':
|
|
849
|
+
vault_path: str = resolve_vault_path(config.vault_path)
|
|
850
|
+
if not config.encryption_key:
|
|
851
|
+
print(f"No explicit encryption key specified, falling back to '{ keyring.encryption_key.id }'", Color.MEH)
|
|
852
|
+
# Since ciphers are usually not changed from load to save, we force re-encryption by loading from an editable
|
|
853
|
+
vault = VaultFile(vault_path, keyring=keyring)
|
|
854
|
+
vault = VaultFile.from_editable(vault, vault.as_editable())
|
|
855
|
+
vault.save()
|
|
856
|
+
print(
|
|
857
|
+
f"Re-encrypted vault with key '{ keyring.encryption_key.id }' and a { 'fixed' if config.fixed_salt else 'random' } salt",
|
|
858
|
+
Color.GOOD
|
|
859
|
+
)
|
|
860
|
+
|
|
835
861
|
# Convert command
|
|
836
862
|
|
|
837
863
|
if config.command == 'convert':
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: ansible-vars
|
|
3
|
-
Version: 1.0.
|
|
3
|
+
Version: 1.0.10
|
|
4
4
|
Summary: Manage vaults and variable files for Ansible
|
|
5
5
|
Project-URL: Homepage, https://github.com/xorwow/ansible-vars
|
|
6
6
|
Project-URL: Issues, https://github.com/xorwow/ansible-vars/issues
|
|
@@ -178,6 +178,10 @@ Shows the amounts of encrypted and decrypted variables in a vault file. Supports
|
|
|
178
178
|
|
|
179
179
|
En-/Decrypts or checks the encryption status of a file or string value. Note that only full file encryption is considered in file mode, a hybrid vault with individually encrypted variables will be counted as plain.
|
|
180
180
|
|
|
181
|
+
#### rekey
|
|
182
|
+
|
|
183
|
+
Re-encrypts a vault file with a different encryption key and/or salt. The key specified in the global `--encryption-key|-K <identifier>` flag is used for encryption, along with an optional fixed salt set via the global `--fixed-salt|-S <salt>` flag.
|
|
184
|
+
|
|
181
185
|
#### convert
|
|
182
186
|
|
|
183
187
|
Convenience function to convert between fully encrypted vaults and hybrid vaults. Useful if you wish to convert your "legacy" fully encrypted vaults to plain files with all string values individually encrypted. Works both ways.
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
ansible_vars/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
|
+
ansible_vars/cli.py,sha256=h57SwR1_DBcYc9AIqh-QPBy5QzyCdftC96aUCkL6lSI,65209
|
|
3
|
+
ansible_vars/constants.py,sha256=Nd3sIuSoOvyfUfHfnsnJBDGMW7eNzbMm1NAvEQio9hE,1624
|
|
4
|
+
ansible_vars/errors.py,sha256=6dzyksPKWira9O2-Ir3MIOwr4XjN9MSBiRp5e6siY6Q,1256
|
|
5
|
+
ansible_vars/util.py,sha256=UwGPBT19pee7lBpWuBzLPAvcrHUBAn6i1MrJvzM9OQ4,21265
|
|
6
|
+
ansible_vars/vault.py,sha256=cMvFdtc3bw6yf-aChUEP34k2yafWS2UuubFO84De_rA,46383
|
|
7
|
+
ansible_vars/vault_crypt.py,sha256=nh2k686nTI3yERIp-qzx5iDE1kZKg10YG019QeZDnLM,10019
|
|
8
|
+
ansible_vars-1.0.10.dist-info/METADATA,sha256=E2dpvolHZp2WhfSpE1nAf3UpdvvZ5Xmt3vr4TcG-ik8,18231
|
|
9
|
+
ansible_vars-1.0.10.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
|
|
10
|
+
ansible_vars-1.0.10.dist-info/entry_points.txt,sha256=RrhkEH0MbfRzflguVrfYfthsFC5V2fkFnizUG3uHMtQ,55
|
|
11
|
+
ansible_vars-1.0.10.dist-info/licenses/LICENSE,sha256=ocyJHLG5wD12qB4uam2pqWTHIJmzloiyNyTex6Q2DKo,1062
|
|
12
|
+
ansible_vars-1.0.10.dist-info/RECORD,,
|
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
ansible_vars/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
|
-
ansible_vars/cli.py,sha256=TFPSuUmOTWjX6FF5aAd2PnJkyftSur9DfccYwzjQe6A,63959
|
|
3
|
-
ansible_vars/constants.py,sha256=Nd3sIuSoOvyfUfHfnsnJBDGMW7eNzbMm1NAvEQio9hE,1624
|
|
4
|
-
ansible_vars/errors.py,sha256=6dzyksPKWira9O2-Ir3MIOwr4XjN9MSBiRp5e6siY6Q,1256
|
|
5
|
-
ansible_vars/util.py,sha256=UwGPBT19pee7lBpWuBzLPAvcrHUBAn6i1MrJvzM9OQ4,21265
|
|
6
|
-
ansible_vars/vault.py,sha256=cMvFdtc3bw6yf-aChUEP34k2yafWS2UuubFO84De_rA,46383
|
|
7
|
-
ansible_vars/vault_crypt.py,sha256=nh2k686nTI3yERIp-qzx5iDE1kZKg10YG019QeZDnLM,10019
|
|
8
|
-
ansible_vars-1.0.8.dist-info/METADATA,sha256=KSO8y8E4DZeGzYjXKrnuj-aW8ni3TEAh1upcwGPdlL0,17967
|
|
9
|
-
ansible_vars-1.0.8.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
|
|
10
|
-
ansible_vars-1.0.8.dist-info/entry_points.txt,sha256=RrhkEH0MbfRzflguVrfYfthsFC5V2fkFnizUG3uHMtQ,55
|
|
11
|
-
ansible_vars-1.0.8.dist-info/licenses/LICENSE,sha256=ocyJHLG5wD12qB4uam2pqWTHIJmzloiyNyTex6Q2DKo,1062
|
|
12
|
-
ansible_vars-1.0.8.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|