vault string not supported

tomoh1r / ansible-vault

This project aim to R/W an ansible-vault yaml file

GNU General Public License v3.0

54 stars 32 forks source link

vault string not supported #21

Open rmacian opened 6 years ago

rmacian commented 6 years ago

Since ansible 2.4 you can encrypt strings in a yaml file. We moved our whole yaml files encrypted to encrypted strings and it looks that the module does not support this:

https://docs.ansible.com/ansible/2.4/vault.html#use-encrypt-string-to-create-encrypted-variables-to-embed-in-yaml

File "/usr/local/lib/python2.7/site-packages/ansible_vault/api.py", line 62, in load
    return yaml.safe_load(self.load_raw(stream))
  File "/usr/local/lib/python2.7/site-packages/ansible_vault/api.py", line 50, in load_raw
    return self.vault.decrypt(stream)
  File "/usr/local/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py", line 661, in decrypt
    plaintext, vault_id, vault_secret = self.decrypt_and_get_vault_id(vaulttext, filename=filename)
  File "/usr/local/lib/python2.7/site-packages/ansible/parsing/vault/__init__.py", line 684, in decrypt_and_get_vault_id
    raise AnsibleError(msg)
ansible.errors.AnsibleError: input is not vault encrypted data

covelus commented 5 years ago

I thought I was having a similar problem, but I solved installing the pre-release version (2.0.0b1)

pip3 install ansible-vault==2.0.0b1

Anyway, I let the failure happening with the 1.2.0 version below, but not sure if it's the same:

I am doing an initial test, and a password in str format, but then this happens:

File "/home/xxxxxx/.local/lib/python3.6/site-packages/ansible_vault/api.py", line 70, in dump return self.dump_raw(yaml_text, stream=stream) File "/home/xxxxxx/.local/lib/python3.6/site-packages/ansible_vault/api.py", line 56, in dump_raw stream.write(encrypted) TypeError: write() argument must be str, not bytes

My code snippet:

vault = Vault('testuser01')
data = "example-Insecure_p$$Wd"
vault.dump(data, open("tests/data/vault.yml", 'w'))

Screenshot from debugging:

tector commented 4 years ago

I am very new to ansible-vault and need this feature. So what's the status of this ticket?

sudeepms commented 2 years ago

What's the status of this issue?

Endemoniada commented 2 weeks ago

While we wait for the maintainer to acknowledge this *looks at watch* ...SIX YEAR old issue, maybe the following can be of use: https://newbit.ch/ansible-vault-encrypted-variables/

I successfully used the author's example code to add support for reading vault-strings in a Python tool I'm writing. Should be easy to modify for most people's needs.