Ansible Vault
Ansible Vault is a feature of Ansible that allows you to keep sensitive data such as passwords or keys in encrypted files, rather than as plaintext in playbooks or roles. These vault files can then be distributed or placed in source control.
It can also be used as a stand-alone tool, without Ansible, to encrypt single files.
You can use it to keep environment variables in an encrypted file instead of as plaintext variables in .envrc.
    pip install ansible-vault
    touch .env
    ansible-vault encrypt .env

You will be asked for the encryption password.

    ansible-vault decrypt .env

Edit the file and encrypt it again.

Note: the file must be encrypted for direnv to work; otherwise it will throw an error that the file is not encrypted.

Edit your .envrc file and add the following snippet:

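    direnv_load_ansible_vault_variables() {
      # Default to .env in the current directory when no path is given
      local path=${1:-$PWD/.env}
      # Decrypt to stdout, convert the dotenv lines to bash exports, and eval them
      eval "$(ansible-vault view "$path" | direnv dotenv bash /dev/stdin)"
      # Re-run .envrc whenever the vault file changes
      watch_file "$path"
    }
    direnv_load_ansible_vault_variables
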
The snippet and the configuration above assume that your secrets are in a file called .env. To use a different file, pass its name as a parameter:

    direnv_load_ansible_vault_variables <file-name>
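
Because the vault file is meant to be committed, it is worth checking that it really is encrypted before it is loaded or pushed. The following is an added example, not code from the direnv wiki or the direnv project: it tests for the vault header and wraps the loader above so that nothing is eval'ed when the file is plaintext or decryption fails. The function names are hypothetical, and it assumes vault files begin with a `$ANSIBLE_VAULT;<version>;<cipher>` header line.

```bash
# Added example, not from the direnv wiki. is_vault_encrypted,
# find_plaintext_secrets and load_vault_env are hypothetical names.
# Assumption: a vault file starts with "$ANSIBLE_VAULT;<version>;<cipher>".

# Return 0 only if the first line of the file is an Ansible Vault header.
is_vault_encrypted() {
  local first_line=""
  [ -f "$1" ] || return 1
  # read fails on an empty file or a missing final newline; keep what it got
  IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
  case "$first_line" in
    '$ANSIBLE_VAULT;'[0-9]*';'?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print every argument that is not vault-encrypted; return 1 if any is found.
# Usable from a pre-commit hook: find_plaintext_secrets .env || exit 1
find_plaintext_secrets() {
  local f status=0
  for f in "$@"; do
    if ! is_vault_encrypted "$f"; then
      printf '%s\n' "$f"
      status=1
    fi
  done
  return "$status"
}

# .envrc loader that fails closed: nothing is eval'ed unless the file is
# encrypted and ansible-vault decrypted it successfully.
load_vault_env() {
  local path="${1:-$PWD/.env}" plaintext
  watch_file "$path"   # direnv stdlib: reload when the file changes
  if ! is_vault_encrypted "$path"; then
    log_error "$path is not vault-encrypted; refusing to load it"
    return 1
  fi
  if ! plaintext=$(ansible-vault view "$path"); then
    log_error "ansible-vault could not decrypt $path"
    return 1
  fi
  eval "$(printf '%s\n' "$plaintext" | direnv dotenv bash /dev/stdin)"
}
```

The header check only shows that the file looks like vault output; it does not validate the ciphertext, which is why the loader still requires ansible-vault to succeed before anything is evaluated.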