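#!/bin/bash
#
# Encrypt unencrypted secrets, or warn if a secret is unencrypted in check mode.
#
# Usage: $0 keydir vault-password-file (check|encrypt)
#
#   keydir               directory whose entries are classified with file(1)
#   vault-password-file  handed to ansible-vault via --vault-password-file
#   mode                 check   - report every entry that is not recognised
#                                  as an Ansible Vault file
#                        encrypt - run "ansible-vault encrypt" on every entry
#                                  that file(1) labels as OpenSSH
#
# Exit status: 0 when nothing was flagged; 1 on a usage error, on any finding
# in check mode, or when an encryption attempt fails.

keydir=$1
secret=$2
mode=$3

# Only the two documented modes are accepted. Without this, a mistyped mode
# (e.g. "chek") would walk the directory, match no inner case arm, and exit 0,
# so a gate built on this script would pass without checking anything.
case "$mode" in
  check | encrypt)
    ;;
  *)
    echo "Usage: $0 keydir vault-password-file (check|encrypt)" >&2
    exit 1
    ;;
esac

# A missing or mistyped directory must fail loudly instead of being treated
# as "nothing to report".
if ! test -d "$keydir"; then
  echo "$0: $keydir is not a directory" >&2
  exit 1
fi

err=""

# NOTE: with bash's default globbing, hidden entries (dotfiles) are not matched
# by "*" and are therefore never inspected.
for key in "$keydir"/*; do
  # In an empty directory the pattern stays unexpanded; skip that literal.
  # Dangling symlinks are kept (-L) so they still reach the catch-all arm.
  test -e "$key" || test -L "$key" || continue

  # -b drops the "path:" prefix from file(1)'s output. Without it, a path that
  # happens to contain "OpenSSH" or "Ansible...Vault" would satisfy the
  # patterns below regardless of the file's real contents.
  filetype=$(file -b -- "$key")

  case "$filetype" in
    *OpenSSH*)
      # Clear-text key material as identified by file(1).
      if test "$mode" = encrypt; then
        # A failed encryption leaves the secret in clear text, so it has to
        # surface in the exit status.
        if ! ansible-vault encrypt --vault-password-file "$secret" --vault-id default "$key"; then
          echo "$key could not be encrypted!" >&2
          err=1
        fi
      else
        echo "$key is unencrypted!"
        err=1
      fi
      ;;
    *Ansible*Vault*)
      # Already vault-encrypted: nothing to do in either mode.
      :
      ;;
    *)
      # Anything else is only reported; encrypt mode leaves it untouched, so
      # secrets that file(1) does not label as OpenSSH are never encrypted
      # here and show up only when the script is run in check mode.
      if test "$mode" = check; then
        echo "$key is an unknown clear text file!"
        err=1
      fi
      ;;
  esac
done

if test -n "$err"; then
  exit 1
fi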