Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bulk decrypt all files in project #1

Open
aioue opened this issue Aug 11, 2016 · 8 comments
Open

Bulk decrypt all files in project #1

aioue opened this issue Aug 11, 2016 · 8 comments
Labels
enhancement

Comments

@aioue
Copy link

aioue commented Aug 11, 2016

Would be great to bulk decrypt all vaulted files in project to allow global searching.
@aioue
Copy link
Author

aioue commented Oct 27, 2016

As per the Ansible Vault documentation, you can run

ansible-vault decrypt foo.yml bar.yml baz.yml

So in the background, you could search for all ansible vault headers ($ANSIBLE_VAULT) and decrypt at once.

@sydro
Copy link
Owner

sydro commented Nov 3, 2016

Hi, i think that bulk decryption is not very useful, but the possibility to search in vaulted files is fundamental. In this moment i'm developing in other branch this functionality.

In addition, on my first analisys, i found that the bulk decryption could add any problems to manage bulk re-encryption, so i opted to implement search funcionality.

@aioue
Copy link
Author

aioue commented Oct 5, 2017

Any news on the global searching?

@sydro
Copy link
Owner

sydro commented Oct 5, 2017
edited
Loading

I did try on a branch some changes, but nothing concrete!
If you want create a PR, i will appreciate it! 👍

@aioue
Copy link
Author

aioue commented Oct 6, 2017

I want to be able to use Atom's find in project on the encrypted data so I can match variables with secrets. Not sure about the workflow. What do you think?

Decrypt:

  • find all files in project that start with $ANSIBLE_VAULT;
  • decrypt them all using the vault password, saving the paths in a temporary file

Encrypt:

  • open temporary file, read all file paths
  • encrypt all files with the vault password
  • remove temporary file

Hooking into the 'find in project' so that it runs an ansible-vault view as it visits each file is beyond my ability and possibly slow.

@sydro
Copy link
Owner

sydro commented Oct 8, 2017

I think that you are right! Using ansible-vault view on the fly introduces a very large lag on 'find in project'.
you did propose steps that i consider good.

In my mind i figured the process in this way:

  1. hooking 'find in project' call
  2. find all file that start with $ANSIBLE_VAULT string
  3. decrypt those files and save path in temporary file
  4. return control to 'find in project' function
  5. hooking the end of search
  6. re-encrypt all included files in temporary file

@aioue
Copy link
Author

aioue commented Sep 7, 2018

I needed this functionality and wrote a quick&dirty script that does the above without involving Atom: https://github.com/aioue/pilfer

@aioue
Copy link
Author

aioue commented Sep 20, 2018

@sydro if you think the logic can be be adapted into atom-ansible-vault, I'd be happy to help test. My coding is good enough to make a PR for you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sydro @aioue