Today I learned via Tristan about a library which is able to read and write Ansible vault files. I had a quick look because this might come in handy.

#!/usr/bin/env python3.7

from ansible_vault import Vault

vault = Vault('supersecurepassword')
data = vault.load(open('data.file').read())
print(data)

This is not an official Ansible project, according to the project page, but it appears to do its job:

$ echo seekr1t > data.file
$ ansible-vault encrypt data.file
New Vault password:
Confirm New Vault password:
Encryption successful

$ head -1 data.file
$ANSIBLE_VAULT;1.1;AES256

$ ./jp.py
seekr1t

$ echo seekr1t > data.file
$ ansible-vault encrypt --vault-id PROD@prompt data.file
New vault password (PROD):
Confirm new vault password (PROD):
Encryption successful

$ head -1 data.file
$ANSIBLE_VAULT;1.2;AES256;PROD

$ ./jp.py
seekr1t

The code requires Ansible to be installed.

ansible and vault :: 08 Feb 2020 :: e-mail