From 17447210485bbe379beb9c7e9a3034e900110ed9 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sat, 1 Dec 2018 23:14:05 +0100
Subject: moved to multi environment repo structure
---
gpg/get-vault-pass.sh | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
(limited to 'gpg/get-vault-pass.sh')
diff --git a/gpg/get-vault-pass.sh b/gpg/get-vault-pass.sh
index 202c94f7..6cf2ff9a 100755
--- a/gpg/get-vault-pass.sh
+++ b/gpg/get-vault-pass.sh
@@ -1,2 +1,20 @@
 #!/bin/bash
-gpg2 --decrypt --batch < "${BASH_SOURCE%/*}/vault-pass.gpg" 2> /dev/null
+if [ -z "$1" ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+NAME="$1"
+shift
+
+gpg2 --decrypt --batch --no-tty --quiet < "${BASH_SOURCE%/*}/vault-pass-$NAME.gpg"
+
+# Ansible up to including 2.6 seems to have a bug which ignores the setting of 'vault_id_match = True'
+# in ansible.cfg (or the equivalent environment variable).
+#
+# To make it possible to use ansible-vault view as a textconv filter for git, we need to support
+# the case that some people do not have access to all vaults. So let's return an invalid
+# secret, and pretend success.
+if [ $? -ne 0 ]; then
+ echo This is my secret. There are many others like it, but this one is mine. My secret is my best friend. It is my life. I must master it as I must master my life. Without me, my secret is useless. Without my secret, I am useless. Please do not quote from movies when searching for a passphrase.
+ exit 0
+fi
--
cgit v1.2.3
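Review bot: The fallback after the `gpg2` call fails open: any non-zero exit (a mistyped name, a missing `vault-pass-$NAME.gpg`, no usable key) prints a fixed string that is committed to this repository and returns 0, so the caller receives it as if it were the vault password. That serves the `ansible-vault view` textconv case described in the comment, but an `ansible-vault encrypt` or `rekey` run that picks up this output would presumably protect data with a publicly known passphrase and report no error. At minimum the branch should say so on stderr before the decoy, e.g. `echo "get-vault-pass: cannot decrypt vault-pass-$NAME.gpg, returning a decoy secret" >&2`, and the comment should state that the decoy must never be used for encryption. `$NAME` is also placed into the path unchecked; rejecting values that contain `/` would keep the lookup inside the script's directory.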