dhoeric / vscode-ansible-vault Goto Github PK
View Code? Open in Web Editor NEWVSCode plugin for encrypt/decrypt with ansible-vault
Home Page: https://marketplace.visualstudio.com/items?itemName=dhoeric.ansible-vault
VSCode plugin for encrypt/decrypt with ansible-vault
Home Page: https://marketplace.visualstudio.com/items?itemName=dhoeric.ansible-vault
Hello.
I faced a problem with ansible-vault extention.
It not work. I set all three variables in settings, restart VS code.
When i select Encrypt/decrypt in menu i got nothing.
My environment:
Hi, it would be great to be able to highlight an item and encrypt just the selected string instead of the whole file.
Hi,
based on the double-quoted shell exec there is an issue regarding some character combinations like \$
for example.
Bash-Example:
echo "myWonderFullPa\$\$"
myWonderFullPa$$
vs
echo 'myWonderFullPa\$\$'
myWonderFullPa\$\$
vscode-ansible-vault/src/extension.ts
Line 104 in ff65dd6
Would suggest to change that command to a single quoted variant to hopefully get the typed password to the target ansible-vault command and not losing some chars in the middle.
System: Fedora 32
VS version: 1.46.1
I have ansible installed
ansible --version
ansible 2.9.10
and path to ansible-vault configured in Ansible Vault: Executable
When I try to decrypt file, it says:
Command 'Encrypt/Decrypt with ansible-vault' resulted in an error
(Command failed: /home/path/local/bin/ansible-vault decrypt "/path" --vault-password-file="/tmp/tmp-875IalWvJ7BheK"
Traceback (most recent call last): File "/home/path/.local/bin/ansible-vault",
line 34, in <module> from ansible import context ModuleNotFoundError: No module named 'ansible' )
Do I have to configure something else in visual studio?
I can run decrypt using command line ansible-vault view group_vars/all/vault.yml
from the command line and it does work. Just do no like it as zsh defaults to vi and I prefer to view and edit in Visual Studio Code.
These errors I see when running decryption:
Getting vault keyfile from /Users/jasper/code/site.com/trellis/ansible.cfg
Command failed: ansible-vault decrypt "/Users/jasper/code/site.com/trellis/group_vars/all/vault.yml"
Trellis has a ansible.cfg loading password from .vault_pass file and it is in the root of the project so should just load.
Could be related to #26
Dear developer,
Recently we conducted a VS code extension audit to review coding practices, making sure we’re using the latest technologies available focused on security. During this review, we identified a security issue inside your extension where credentials are stored as plaintext.
Back in January of this year, VSCode introduced API for secrets storage keystrokes in to save the secrets. Please take a moment to read through this API in order to understand how to enhance the extension security.
Any questions, please feel free to ask and I’ll be happy to help!
Ability to control path to ansible-vault would be nice.
Hi,
It's would be amazing if you can add the support for viewing/editing the content of a vault file without decrypt/encrypt the file.
Eg :
ansible-vault view some_vault_file
Hello,
I am using VScode, I installed the plugin. I wanted to use it without configure ansibleVault.keyfile and ansibleVault.keypass.
So, I opend my vault file. Hit ctl+alt+0 as mentioned then tape the password vault and nothing happen.
Any hit ? did I miss smthg ?
Thanks
Anis
It appears that the plugin does not properly respect when ANSIBLE_VAULT_PASSWORD_FILE is set via environment variable.
When attempting to decrypt/encrypt, regardless of whether I have ansibleVault.keyfile set in the VSCode preferences or enter the passkey manually, I get the following error:
Command failed: ansible-vault encrypt "/Users/cweiss/workspace/.../secure_variables.yml" --vault-password-file="/var/folders/xd/xs3zm4d50_56hrb_mq3_203nnqq4gy/T/tmp-88542TClaVHohZmsP" ERROR! The vault-ids default,default are available to encrypt. Specify the vault-id to encrypt with --encrypt-vault-id
From what I understand, this error occurs when you try to specify a passkey when one is already specified by configuration files/variables, ansible-vault doesn't know which to pick.
If I un-set the environment variable and launch VSCode from that shell instance, the plugin works correctly.
This is on OS-X using zsh as my default interpreter and setting the variable in .zshrc. It appears the environment variables the system is launched with are locked in the VSCode instance when it's launched from Finder. To properly test, you need to make changes in a terminal instance and launch VSCode from that environment using the command line.
Hi,
I'm getting this when working with vscode (remote connected to a linux box). It's running fine inside wsl - I'm only getting this on this remote box. Any hints what I'm doing wrong ?
Thanks !
Command 'Ansible Vault: Encrypt/Decrypt' resulted in an error (Command failed: ansible-vault decrypt "xxxx/ansible-playbooks/vars/encrypted.yml" /usr/lib/python3.7/getpass.py:91: GetPassWarning: Can not control echo on the terminal. passwd = fallback_getpass(prompt, stream) Warning: Password input may be echoed. Vault password: [WARNING]: Error in vault password prompt (default): EOFError (ctrl-d) on prompt for (default) ERROR! EOFError (ctrl-d) on prompt for (default) )
I get the following error:
'.vault_password' specified in defaults.vault_password_file of '/Users/dutchy/path/to/project/here/ansible.cfg' is not exist.
This file is specified as follows:
[defaults]
inventory=./inventory.ini
vault_password_file=.vault_password
Maybe some error with relative paths?
This is on MacOS, if that is relevant.
When using an ansible.cfg
file which contains a setting for a default vault_password_file
the extension always asks for a password. Leaving this empty will result in an error.
ansible.cfg
contains a default setting for a vault_password_file
ansible.cfg
can be defined with an absolute path or relative to the location of the ansible.cfg
ansible.cfg
and the referenced file existsRef: http://docs.ansible.com/ansible/latest/intro_configuration.html#configuration-file
@dhoeric As the newer Ansible Language extension already added support for vaulting, I think it would not be bad if this extension would be retired from the marketplace?
What do you think?
Please see issue reported on Ansible's Repo: ansible/ansible#46310
if vault file path is defined in ansible.cfg --vault-password-file should not be specified on the commandline otherwise encrypt will stop functioning from the extension.
Can the extension be made to only include --vault-password-file="" if the field in the extension settings is populated?
I use Visual Code on Windows, but run Ansible in VM's or in Window's Linux Subsystem (WSL). With the newer versions, you can launch Linux programs from Windows with the c:\Windows\System32\bash.exe
command.
I first tried to set ansibleVault.executable
to c:\\Windows\\System32\\bash.exe -lc 'workon ansible2; ansible-vault $*' --
which is a command that works from the cmd.exe
windows shell (without the escaped \
). Running this however completely hangs all input in Visual Studio, forcing me to restart it.
I've tried quite a few things, including a wrapper shellscript, wrapper batch script, ... all with the same results.
The plugin always tries to use the first folder declared in the workspace list, so if the vault file isn't in the first folder then the plugin will not find the ansible.cfg file or worse, uses the ansible.cfg of the first workspace folder, that can have an unrelated configuration.
A possible fix is to check the current folder, then the parent ones until it finds the ansible.cfg file (stopping at the root of the current workspace), then checking the user and system locations..
���@�Ê?‘6�g�ÔÆZM�o�>¥�ú¥9
»¢�/ÆØÙ(~O_¤w×B—�Êù*?·)ꨚ8�Úéc£‘ÙŸÌø¢j?¶.œ8Íjjõ5–è2ͳ´ôÜ�syéüííQ‚ï£|Ðý„Rf"öd]Bܼ¤…¥ÃAC¿‡´ª'Œ;{_!øÛ�4€H3¦Aøå™û9zÈö¶Q yý’¯$ÓüI”©Ñ�–ÌàíÔç�aÇ‘½i¬ÞÁþ�é¥-xoNc[—Æ–D õ_oyTòwà˜œSØ^7� �œœ@<�¼Ôš¼ê×¾Gê�\—´3��3ª-‹¾‰�(Óï"™EC¡‹Zj�É“ìÇ|�>p¼�·�Ãÿ* ±�Xõse�HyÐKV¤ªÆhå¹�w™†( Üáìâá?ì�™=ÎUu°ÃA0W€%�“�¸ª�f� ÖF)²éÌŸ]��lн!��³,ŠÛâí’@&ÁBý�ß }�ƒÃ½€a¦�úù�—«ÿ^Àµ©Œ�[$œ×D�oóíäÆ�.VpÃíð·›�-�¼\v3ü{%(L»$dÀi�¹–Öãöú��h!‹�iǬ ˆ�Ãß œÆ{}Ý£Ï-:r×*E‰�ôE
*Uw( À�N�1Ñ�…¡¨n°pÖ€����7Å�l¸p³ï÷œëK^^Øa(×ɱçÒÝ�Ab�_æäü øŸÙ –Ì�Úߊ�fÈ
�åÑ�£¾ÃkïõÜ�Ì’NG.?°òPÒÛõËTÝ
Running encrypt or decrypt fails on my machine because /bin/sh: ansible-vault: command not found
. My ansible vault location is at /Users/jsmith/.pyenv/shims/ansible-vault
When attempting to encrypt a file, we get:
Command failed: /usr/local/bin/ansible-vault encrypt "/Users//Documents/GitHub/all.yml" --vault-password-file="/etc/ansible/.vaultpwd"
ERROR! The vault-ids default,default are available to encrypt. Specify the vault-id to encrypt with --encrypt-vault-id
When I try to decrypt a file I get the following error: filepath.charCodeAt is not a function
I'm not able to encrypt files that do not have a .yml extension. Can we lift this restriction somehow?
I use VSCode on Windows. When trying to use this extension without storing password on filesystem (e.g. entering password each time it's required), I face the following error:
Command failed: touch C:\Users\User\AppData\Local\Temp\tmp-57692Jab9WhG31WYX && echo "PassWord" > C:\Users\User\AppData\Local\Temp\tmp-57692Jab9WhG31WYX 'touch' is not recognized as an internal or external command, operable program or batch file.
It's an expected behavior, because Windows doesn't have Unix commands natively.
My offer is to use TypeScript/JS native ways to write files (e.g. fs
module) - this will resolve all possible cross-platform problems.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.