{"id":30769894,"url":"https://github.com/dekeyrej/ansible-vault-keys","last_synced_at":"2026-04-15T15:33:20.152Z","repository":{"id":311319551,"uuid":"1043304172","full_name":"dekeyrej/ansible-vault-keys","owner":"dekeyrej","description":"ansible-vault-keys","archived":false,"fork":false,"pushed_at":"2025-11-09T00:08:56.000Z","size":20,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-09T02:23:51.813Z","etag":null,"topics":["ansible","cli","encryption","vault","yaml"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dekeyrej.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-23T15:16:06.000Z","updated_at":"2025-11-09T00:09:00.000Z","dependencies_parsed_at":"2025-08-24T07:39:51.727Z","dependency_job_id":"d166b63a-5c3e-4934-a420-4287a7ccec0f","html_url":"https://github.com/dekeyrej/ansible-vault-keys","commit_stats":null,"previous_names":["dekeyrej/ansible-vault-keys"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/dekeyrej/ansible-vault-keys","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dekeyrej%2Fansible-vault-keys","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dekeyrej%2Fansible-vault-keys/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dekeyrej%2Fansible-vault-keys/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dekeyrej%2Fansible-vault-keys/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dekeyrej","download_url":"https://codeload.github.com/dekeyrej/ansible-vault-keys/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dekeyrej%2Fansible-vault-keys/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31847813,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-15T15:24:51.572Z","status":"ssl_error","status_checked_at":"2026-04-15T15:24:39.138Z","response_time":63,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","cli","encryption","vault","yaml"],"created_at":"2025-09-04T23:02:35.108Z","updated_at":"2026-04-15T15:33:20.142Z","avatar_url":"https://github.com/dekeyrej.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ansible-vault-keys\n\n![Coverage](https://img.shields.io/badge/Coverage-100%25-brightgreen?style=flat-square)\n![Tests](https://img.shields.io/badge/Tests-Passing-green?style=flat-square)\n![License](https://img.shields.io/github/license/dekeyrej/ansible-vault-keys?style=flat-square)\n![Python](https://img.shields.io/badge/Python-3.8%2B-blue?style=flat-square)\n![Repo Size](https://img.shields.io/github/repo-size/dekeyrej/ansible-vault-keys?style=flat-square)\n![Last Commit](https://img.shields.io/github/last-commit/dekeyrej/ansible-vault-keys?style=flat-square)\n[![PyPI](https://img.shields.io/pypi/v/ansible-vault-keys?style=flat-square)](https://pypi.org/project/ansible-vault-keys/)\n![Encryption Style](https://img.shields.io/badge/Encryption-Selective%20%26%20Elegant-purple?style=flat-square)\n![YAML Fidelity](https://img.shields.io/badge/YAML-Roundtrip%20Safe-yellow?style=flat-square)\n\nSelective encryption of YAML keys using Ansible Vault — with full round-trip support.\n\n## ✨ Why?\n\nAnsible Vault is great for securing secrets, but encrypting entire files makes them opaque and hard to document. \n\nThis tool lets you encrypt only the sensitive keys in your YAML files, preserving:\n\n- ✅ Comments\n- ✅ Key order\n- ✅ Formatting\n- ✅ Readability\n\nNo more guessing what's inside a vault-encrypted blob. Just mark the keys you want to encrypt, and keep the rest visible.\n\n## 🧙‍♂️ Philosophy\n\nThis tool is itended to be a _companion_ to `ansible-vault`, not a replacement. It’s built for clarity, maintainability, and expressive workflows — especially when documenting or collaborating on infrastructure.\n\nThink of it as a scribe that encrypts only what must be hidden, while preserving the story around it. In keeping with the design goals - Your YAML remains readable, annotated, and collaborative — even when secrets are tucked away.\n\n## 🚀 Quickstart\n\nEncrypt selected keys in a YAML file:\n\n```bash\nansible-vault-keys encrypt somevars.yaml\n```\n\nDecrypt them later:\n```bash\nansible-vault-keys decrypt somevars.yaml\n```\n\nView decrypted values without modifying the file\n```bash\nansible-vault-keys view somevars.yaml\n```\n\n### 🧾 Before\n\n```yaml\n# somevars.yaml\nplain: value\n# this one is sensitive v\npassword: somesensitivevalue\nuser: bob\n# so is this one v\napikey: nue6756be8cs83jn2l4\nencrypted_keys: [password, apikey]\n```\n\n### 🔐 After Encryption\n\n```yaml\n# somevars.yaml\nplain: value\n# this one is sensitive v\npassword: !vault |  # 🔐 Encrypted keys are marked with !vault\n  $ANSIBLE_VAULT;1.1;AES256\n  ...\nuser: bob\n# so is this one v\napikey: !vault |   # 🔐 Encrypted keys are marked with !vault\n  $ANSIBLE_VAULT;1.1;AES256\n  ...\nencrypted_keys: [password, apikey]\n```\n\n```🔐 Encrypted keys are marked with !vault``` This comment is for illustration only — it’s not included in the actual output.\n\n\n#### Commands Table:\n| Command | Description |\n|--------|-------------|\n| `encrypt` | Encrypts keys listed in `encrypted_keys` or specified with --keys  |\n| `decrypt` | Decrypts all vault-encrypted values |\n| `view` | Displays decrypted values without modifying the file |\n\n#### Flags Table:\n| Flag | Description |\n|------|-------------|\n| `--dry-run` | Show changes without writing to file |\n| `--vault-password-file` | Path to vault password file (default: `vault.password`) |\n| `--keys` | Merge with `encrypted_keys` list from YAML |\n\n### **Clarify the `--keys` Behavior**\n\n\u003e ⚠️ Note: `--keys` are merged with any existing `encrypted_keys` list during encryption.\n\n### Usage:\n```bash\nusage: ansible-vault-keys [-h] [--output [OUTPUT]] [--vault-password-file VAULT_PASSWORD_FILE] [--keys KEYS [KEYS ...]] [--dry-run] {encrypt,decrypt,view} input\n\nSelectively encrypt sensitive variables\n\npositional arguments:\n  {encrypt,decrypt,view}\n                        Command to execute\n  input                 Path to input YAML file\n\noptions:\n  -h, --help            show this help message and exit\n  --output [OUTPUT]     Path to output YAML file (optional), defaults to input file, will clobber without warning\n  --vault-password-file VAULT_PASSWORD_FILE\n                        Path to vault password file\n  --keys KEYS [KEYS ...]\n                        Keys to encrypt\n  --dry-run             Show changes without writing to file\n```\n\n\n## 📦 Install\n\nInstall locally for CLI use:\n```bash\npip install .\n```\n\nOr build a wheel:\n```bash\npython -m build\n```\n\nAfter installation, the ansible-vault-keys command will be available in your shell.\n\n## 📝 License\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdekeyrej%2Fansible-vault-keys","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdekeyrej%2Fansible-vault-keys","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdekeyrej%2Fansible-vault-keys/lists"}