path: root/gpg/get-vault-pass.sh
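#!/bin/bash
# Vault password client: decrypts vault-pass-<environment>.gpg, which lives in
# the same directory as this script, and writes the plaintext to stdout.
#
# Usage: get-vault-pass.sh <environment>
#
# stdout is the channel that carries the secret, so every diagnostic below is
# written to stderr instead.

if [ -z "$1" ]; then
  echo "Usage: $0 <environment>" >&2
  exit 1
fi
# NAME is interpolated into the file name below; it is expected to be a plain
# environment name, not a path.
NAME="$1"
shift

# Directory holding this script. "${BASH_SOURCE%/*}" returns the script name
# itself when the script is started without a directory part
# (e.g. "bash get-vault-pass.sh"), so fall back to "." in that case.
SCRIPT_DIR="${BASH_SOURCE[0]%/*}"
if [ "$SCRIPT_DIR" = "${BASH_SOURCE[0]}" ]; then
  SCRIPT_DIR=.
fi

# Prefer gpg2 and fall back to gpg. "command -v" is a shell builtin and stays
# silent when the tool is missing.
BIN=$(command -v gpg2) || BIN=$(command -v gpg)

# If neither binary was found, "gpg" is still attempted so that the failure is
# reported by name and handled by the fallback below.
"${BIN:-gpg}" --decrypt --batch --no-tty --quiet < "$SCRIPT_DIR/vault-pass-$NAME.gpg"
# Capture the status right away so that no later command can overwrite it.
status=$?

# Ansible up to including 2.6 seems to have a bug which ignores the setting of 'vault_id_match = True'
# in ansible.cfg (or the equivalent environment variable).
#
# To make it possible to use ansible-vault view as a textconv filter for git, we need to support
# the case that some people do not have access to all vaults.  So let's return an invalid
# secret, and pretend success.
#
# NOTE(review): the placeholder is stored in this script and is therefore known
# to everyone who can read it. Because the exit status is 0, a caller cannot
# tell it apart from a real secret; anything encrypted while this fallback is
# active would be protected by that known value. The stderr message makes the
# fallback visible; confirm that only read paths (view/diff) rely on it.
if [ "$status" -ne 0 ]; then
  echo "$0: could not decrypt vault-pass-$NAME.gpg, returning a placeholder secret" >&2
  printf '%s\n' 'This is my secret. There are many others like it, but this one is mine. My secret is my best friend. It is my life. I must master it as I must master my life. Without me, my secret is useless. Without my secret, I am useless. Please do not quote from movies when searching for a passphrase.'
  exit 0
fi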