nornir-automation / nornir

Pluggable multi-threaded framework with inventory management to help operate collections of devices
https://nornir.readthedocs.io/
Apache License 2.0
1.4k stars 237 forks source link

[ For discussion ] Ansible-Vault style encryption for SimpleInventory #762

Open matman26 opened 2 years ago

matman26 commented 2 years ago

The idea would be to unencrypt file-based inventories on-the-fly to extract host, group and defaults data, similar to how Ansible implements this for vault-encrypted host vars. A vault key would be required to execute the script with access to host data, making host data otherwise inaccessible. This would at least mitigate the issue of using plain-text inventories for handling sensitive data.

This could maybe be implemented as a separate inventory plugin, or some kind of flag for SimpleInventory?

I'd be willing to submit a PR for this myself, but would like to discuss how it would better integrate with the current Nornir ecosystem first. Thanks!

dbarrosop commented 2 years ago

Good idea, I think adding a new inventory to the nornir-utils repo that inherits from SimpleInventory would be the way to go, that way you just need to add the few bits and pieces you need for that.

matman26 commented 2 years ago

Great! I'll probably look into it towards the weekend. Will open a PR over there.