Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/timo-reymann/idea-ansible-vault-integration
Plugin to integrate the ansible vault directly into IntelliJ IDEA with context actions for vaulting and unvaulting secrets
https://github.com/timo-reymann/idea-ansible-vault-integration
ansible idea-plugin intellij
Last synced: about 12 hours ago
JSON representation
Plugin to integrate the ansible vault directly into IntelliJ IDEA with context actions for vaulting and unvaulting secrets
- Host: GitHub
- URL: https://github.com/timo-reymann/idea-ansible-vault-integration
- Owner: timo-reymann
- License: apache-2.0
- Created: 2020-05-21T18:31:32.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-11-13T12:31:54.000Z (2 days ago)
- Last Synced: 2024-11-13T13:36:44.292Z (2 days ago)
- Topics: ansible, idea-plugin, intellij
- Language: Kotlin
- Homepage: https://timo-reymann.github.io/idea-ansible-vault-integration/
- Size: 1.43 MB
- Stars: 8
- Watchers: 3
- Forks: 2
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
README
Ansible Vault Integration
===
[](https://app.circleci.com/pipelines/github/timo-reymann/idea-ansible-vault-integration)
[](https://github.com/timo-reymann/idea-ansible-vault-integration/releases)
[](https://plugins.jetbrains.com/plugin/14353-ansible-vault-integration)
[](https://plugins.jetbrains.com/plugin/14353-ansible-vault-integration/reviews)
[](https://renovatebot.com)
[](https://sonarcloud.io/summary/new_code?id=timo-reymann_idea-ansible-vault-integration)
[](https://sonarcloud.io/summary/new_code?id=timo-reymann_idea-ansible-vault-integration)
[](https://app.fossa.com/projects/git%2Bgithub.com%2Ftimo-reymann%2Fidea-ansible-vault-integration?ref=badge_shield)
Integrate the ansible vault directly into IntelliJ IDEA with context actions for vaulting and unvaulting secrets. This
makes working with ansible-vault a breeze!
## Features
### Vaulting secrets
Vault any text from within your yaml file, just hint ``Alt+Enter`` -> ``Vault ansible secret``
### Unvaulting secrets
Unvaulting is as easy as placing your cursor in the secret, hitting ``Alt+Enter`` -> ``Unvault ansible secret`` and you
are done!
## Requirements
- IDEA-based IDE compatible with the plugin
## Installation
1. Press (Ctrl+Alt+S/⌘/) to open the IDE settings and select Plugins.
2. Search for `MJML Support` in the Marketplace and click Install.
## Usage
### Configure ansible-vault call
Got a custom vault file for your project? - I got you covered with custom command line arguments!
### Provided environment variables
In case you are using a script to provide your vault secret, the plugin provides the following environment variables:
| Environment variable | Content |
|:---------------------------------------------|:--------------------------------------------------------------------|
| IDEA_ANSIBLE_VAULT_CONTEXT_FILE | Absolute path to the file the vault/unvault action was triggered in |
| IDEA_ANSIBLE_VAULT_CONTEXT_DIRECTORY | Name of the directory the action was triggered in, **NO** path |
| IDEA_ANSIBLE_VAULT_CONTEXT_PROJECT_BASE_PATH | Absolute path of the project the action was triggered in |
| IDEA_ANSIBLE_VAULT_CONTEXT_PROJECT_NAME | Name of the project the action was triggered in |
#### Examples
Navigate to `Settings | Tools | Ansible Vault`
##### Configure secret file in current project
Use following cli args:
```
--vault-password-file .project-secret
```
##### Configure secret file in home directory
Use following cli args:
```
--vault-password-file ~/.ansible-secret
```
##### Configure secret based on maturity
Let's say you have an ansible setup with three stages (dev, qa, prod), with the following directory structure:
```
group-vars/
all/vars.yml
dev/vars.yml
qa/vars.yml
prod/vars.yml
```
For each maturity you have a different vault file following this pattern: `.${maturity}.secret`, you can use the following
configuration:
Cli args:
```
--vault-password-file .idea-get-vault-password.sh
```
Create the file `.idea-get-vault-password.sh` (0700):
```bash
#!/usr/bin/env bash
# Helper to show error message
__error_message() {
>&2 echo "$1"
exit 2
}
# Check script is not called directly
if [ -z "$IDEA_ANSIBLE_VAULT_CONTEXT_DIRECTORY" ]
then
__error_message "Call is not coming from IntelliJ Plugin"
fi
# Check context folder
case "$IDEA_ANSIBLE_VAULT_CONTEXT_DIRECTORY" in
# known maturities
dev|qa|prod)
secret_file=".${IDEA_ANSIBLE_VAULT_CONTEXT_DIRECTORY}.secret"
if [ -f "$secret_file" ]
then
cat ".${IDEA_ANSIBLE_VAULT_CONTEXT_DIRECTORY}.secret"
else
__error_message "Secret file '${secret_file}' not found"
fi
;;
# whoops something went wrong
*)
__error_message "Unsupported folder"
exit 2
;;
esac
```
## Motivation
Ansible is great, but the ansible-vault is a piece of junk to use for passwords to encrypt and decrypt.
## Contributing
I love your input! I want to make contributing to this project as easy and transparent as possible, whether it's:
- Reporting a bug
- Discussing the current state of the configuration
- Submitting a fix
- Proposing new features
- Becoming a maintainer
To get started please read the [Contribution Guidelines](./CONTRIBUTING.md).
## Development
### Requirements
- [Java](https://openjdk.org/)
### Test
```shell
# To run unit tests
./gradlew test
# To run plugin verifier to check compability
./gradlew verifyPlugin
```
### Build
```shell
./gradlew buildPlugin
```