Last Updated: February 25, 2016
·
1.471K
· gerhard

OS X keychain & ansible-vault

Wrapper script to seamlessly retrieve a password from your OS X keychain and use it with ansible-vault:

#!/usr/bin/env bash

tmpfile=$(mktemp -t vault)

ensure_tmpfile_gets_removed() {
  rm -f $tmpfile
}

trap ensure_tmpfile_gets_removed EXIT

echo $(security find-generic-password -a ansible_vault -w) > $tmpfile

command="$1"
shift
args=$@

ansible-vault $command $args --vault-password-file $tmpfile