Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vault ID Support #30

Open
nbonavia opened this issue Oct 21, 2019 · 1 comment
Open

Vault ID Support #30

nbonavia opened this issue Oct 21, 2019 · 1 comment
Assignees
@tomoh1r

Comments

@nbonavia
Copy link

I have been trying to decrypt ansible-vault enctrypted strings with python, but I could not find much documentation when it comes to using vault ids. I tried to create a vault with the latest version of ansible-vault

ansible-vault 2.8.6
  config file = None
  configured module search path = ['/home/neville/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/neville/.pyenv/versions/3.7.4/lib/python3.7/site-packages/ansible
  executable location = /home/neville/.pyenv/versions/3.7.4/bin/ansible-vault
  python version = 3.7.4 (default, Sep  8 2019, 10:28:23) [GCC 8.3.0]

but I could not find examples of how to set up the Vault Id when you decode the ansible_vault part, and when I tried to use Vault("password"), I got an error that no secrets were found. Can someone provide some snippets that will help me decrypt the below string?

Note: I used 'password' for the vault password
ansible-vault encrypt_string --vault-id test_vault@prompt
New vault password (test_vault): 
Confirm new vault password (test_vault): 
Reading plaintext input from stdin. (ctrl-d to end input)
Hello World
!vault |
          $ANSIBLE_VAULT;1.2;AES256;test_vault
          65336466616237373839383838383633646266656235336665626633626337376334663564353637
          6237303233376162656461336537336335616565316535650a613731653162366239623739386234
          64663838393235303463363063363761343435343134333739616366376663316337313764346265
          3332356164373533610a636261366337643566326362663733393131623661383632373666316166
          3135
Encryption successful
@tomoh1r tomoh1r self-assigned this Feb 7, 2021
@life5ign
Copy link

I've also been using ansible-vault (this package) in Python, with a vault password that has an id. I encrypt with just the password, i.e. vault = Vault('password') (I don't see the option to enter a vault id). When I try to decrypt later in a playbook, with the password, both with and without specifying the vault id, I get Decryption failed (no vault secrets were found that could decrypt)

With the -vvvv option, ansible-vault decrypt gives Error: HMAC verification failed: Signature did not match digest.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tomoh1r tomoh1r

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tomoh1r @nbonavia @life5ign