Last active
May 20, 2019 10:26
-
-
Save schneidr/98aca45e9d6c4e138e6e23c9d375e19a to your computer and use it in GitHub Desktop.
sudo-esque password caching behaviour for ansible vault
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # sudo-esque password caching behaviour for ansible vault | |
| # | |
| # WARNING! the password will be stored in a clear text file until 5 minutes after you used the script last | |
| # | |
| # Place this script as ansible-sudo.sh in your path | |
| # Set the following settings: | |
| # crontab -e | |
| # * * * * * find ~/.ansible/ -name password_tmp -mmin +5 -delete | |
| # .bashrc | |
| # alias ansible='ansible-sudo.sh ansible' | |
| # alias ansible-playbook='ansible-sudo.sh ansible-playbook' | |
| PASSWORDFILE=~/.ansible/password_tmp | |
| PWPARAM="" | |
| if [ ! -f $PASSWORDFILE ]; then | |
| echo -n "Vault password: " | |
| read -s PASSWORD | |
| echo | |
| if [ ! -z "$PASSWORD" ]; then | |
| echo $PASSWORD > $PASSWORDFILE | |
| chmod 0600 $PASSWORDFILE | |
| unset PASSWORD | |
| fi | |
| fi | |
| if [ -f $PASSWORDFILE ]; then | |
| PWPARAM="--vault-password-file $PASSWORDFILE" | |
| touch $PASSWORDFILE | |
| fi | |
| $1 $PWPARAM ${@:2} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-16"?> | |
| <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"> | |
| <RegistrationInfo> | |
| <Date>2019-05-20T12:22:40.2340908</Date> | |
| <Author>username</Author> | |
| <URI\delete ansible password file</URI> | |
| </RegistrationInfo> | |
| <Triggers> | |
| <LogonTrigger> | |
| <Repetition> | |
| <Interval>PT1M</Interval> | |
| <Duration>P1D</Duration> | |
| <StopAtDurationEnd>false</StopAtDurationEnd> | |
| </Repetition> | |
| <Enabled>true</Enabled> | |
| <UserId>username</UserId> | |
| </LogonTrigger> | |
| </Triggers> | |
| <Principals> | |
| <Principal id="Author"> | |
| <UserId>X-X-X-XX-XXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXX</UserId> | |
| <LogonType>InteractiveToken</LogonType> | |
| <RunLevel>LeastPrivilege</RunLevel> | |
| </Principal> | |
| </Principals> | |
| <Settings> | |
| <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy> | |
| <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries> | |
| <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> | |
| <AllowHardTerminate>true</AllowHardTerminate> | |
| <StartWhenAvailable>false</StartWhenAvailable> | |
| <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable> | |
| <IdleSettings> | |
| <StopOnIdleEnd>true</StopOnIdleEnd> | |
| <RestartOnIdle>false</RestartOnIdle> | |
| </IdleSettings> | |
| <AllowStartOnDemand>true</AllowStartOnDemand> | |
| <Enabled>true</Enabled> | |
| <Hidden>true</Hidden> | |
| <RunOnlyIfIdle>false</RunOnlyIfIdle> | |
| <WakeToRun>false</WakeToRun> | |
| <ExecutionTimeLimit>PT1H</ExecutionTimeLimit> | |
| <Priority>7</Priority> | |
| </Settings> | |
| <Actions Context="Author"> | |
| <Exec> | |
| <Command>wsl</Command> | |
| <Arguments>find ~/.ansible/ -name password_tmp -mmin +5 -delete</Arguments> | |
| </Exec> | |
| </Actions> | |
| </Task> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Added windows task for deleting the file since cron doesn't start automatically with windows