https://github.com/trustedshops-public/python-ansible-vault-rotate
Advanced Python CLI to rotate the secret used for ansible vault inline secrets and files in a project
https://github.com/trustedshops-public/python-ansible-vault-rotate
ansible ansible-vault cli python rotation tppython-ansible tsansible
Last synced: 3 months ago
JSON representation
Advanced Python CLI to rotate the secret used for ansible vault inline secrets and files in a project
- Host: GitHub
- URL: https://github.com/trustedshops-public/python-ansible-vault-rotate
- Owner: trustedshops-public
- License: mit
- Created: 2023-01-09T08:37:36.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-03-11T22:57:13.000Z (4 months ago)
- Last Synced: 2025-03-24T16:23:35.978Z (4 months ago)
- Topics: ansible, ansible-vault, cli, python, rotation, tppython-ansible, tsansible
- Language: Python
- Homepage: https://pypi.org/project/ansible-vault-rotate/
- Size: 155 KB
- Stars: 23
- Watchers: 3
- Forks: 3
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
python-ansible-vault-rotate
===
[](https://github.com/trustedshops-public/spring-boot-starter-keycloak-path-based-resolver/blob/main/LICENSE)
[](https://pre-commit.com/)
[](https://dl.circleci.com/status-badge/redirect/gh/trustedshops-public/python-ansible-vault-rotate/tree/main)
[](https://pypi.org/project/ansible-vault-rotate)
[](https://codecov.io/gh/trustedshops-public/python-ansible-vault-rotate)
[](https://sonarcloud.io/summary/new_code?id=trustedshops-public_python-ansible-vault-rotate)
[](https://sonarcloud.io/summary/new_code?id=trustedshops-public_python-ansible-vault-rotate)
[](https://sonarcloud.io/summary/new_code?id=trustedshops-public_python-ansible-vault-rotate)Advanced Python CLI to rotate the secret used for ansible vault inline secrets and files in a project
## Features
- Reencrypt vault files
- Reencrypt inline vaulted secrets## Installation
It is strongly recommended to use pipx instead of pip if possible:
```sh
pipx install ansible-vault-rotate
```Otherwise you can also use plain pip, but be warned that this might
collide with your ansible installation globally!```sh
pip install ansible-vault-rotate
```## Usage
### Rekey given vault secret with new secret specified on CLI
```sh
ansible-vault-rotate --old-vault-secret-source file://my-vault-password \
--new-vault-secret-source my-new-secret \
--update-source-secret
```## Rekey only specific files (e.g. when using multiple keys per stage)
```sh
ansible-vault-rotate --old-vault-secret-source file://my-vault-password- \
--new-vault-secret-source my-new-secret \
--file-glob-pattern group_vars//*.yml \
--update-source-secret
```## Getting help about all args
```sh
ansible-vault-rotate --help
```## Development
For development, you will need:
- Python 3.9 or greater
- Poetry### Install
```
poetry install
```### Run tests
```
poetry run pytest
```