Created
September 13, 2017 17:44
-
-
Save samdoran/9f12e7c7efa338058fa7ea9a265de2cf to your computer and use it in GitHub Desktop.
Fetch Ansible Vault password from macOS keychain
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Get Ansible Vault password from macOS Keychain | |
| # | |
| # You will need to create a new password item in the login keychain | |
| SECURITY_BIN=$(which security) | |
| set_vault_account() { | |
| if [[ ! -z "$ANSIBLE_VAULT" ]]; then | |
| account_name="$ANSIBLE_VAULT" | |
| else | |
| current_path="$(pwd)" | |
| # Based on the current path, set the account to lookup in the system keychain | |
| case "$current_path" in | |
| *XYZ* ) | |
| account_name="xyzvault" | |
| ;; | |
| *ABC* ) | |
| account_name="abcvault" | |
| ;; | |
| *ansibullbot* ) | |
| account_name="ansibullbot" | |
| ;; | |
| * ) | |
| account_name="vault" | |
| ;; | |
| esac | |
| fi | |
| } | |
| get_vault_key() { | |
| $SECURITY_BIN find-generic-password -a $account_name -w | |
| } | |
| set_vault_account | |
| get_vault_key |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment