gwvault - GoodwayGroup Ansible Vault
ansible-vault
CLI reimplemented in go
ansible-vault
is a very powerful tool and we wanted to simplifying the install and management of the tool as a standalone, cross platform tool.
Basic Usage
Please see the docs for details on the commands.
Use in place of ansible-vault
. All commands are reimplemented. The tool will default to asking for your Vault password.
$ gwvault -h
NAME:
gwvault - encryption/decryption utility for Ansible data files
USAGE:
main [global options] command [command options] [arguments...]
COMMANDS:
encrypt encrypt file
decrypt decrypt file
edit edit file and re-encrypt
rekey alter encryption password and re-encrypt
create create a new encrypted file
view view inputs of encrypted file
encrypt_string, av_encrypt_string encrypt provided string, output in ansible-vault format
install-manpage Generate and install man page
version, v Print version info
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--vault-password-file VAULT_PASSWORD_FILE vault password file VAULT_PASSWORD_FILE
--new-vault-password-file NEW_VAULT_PASSWORD_FILE new vault password file for rekey NEW_VAULT_PASSWORD_FILE
--help, -h show help (default: false)
Installation
asdf
plugin
Add plugin:
$ asdf plugin add gwvault
Install the latest version:
$ asdf install gwvault latest
Homebrew (for macOS users)
brew tap GoodwayGroup/gwvault
brew install gwvault
curl binary
$ curl https://i.jpillora.com/GoodwayGroup/gwvault! | bash
docker
The compiled docker images are maintained on GitHub Container Registry (ghcr.io). We maintain the following tags:
edge
: Image that is build from the currentHEAD
of the main line branch.latest
: Image that is built from the latest released versionx.y.z
(versions): Images that are build from the tagged versions within Github.
docker pull ghcr.io/goodwaygroup/gwvault
docker run -v "$PWD":/workdir ghcr.io/goodwaygroup/gwvault --version
man page
To install man
page:
$ gwvault install-manpage
Benchmarks
Benchmarking done using bench
. Execute the benchmark/run.sh
script to generate a new benchmark.
As compared to ansible-vault
(v2.9.11 on python v3.8.5), typical actions take a 80% less time to complete.
Action | ansible-vault |
gwvault |
---|---|---|
encrypt | 482 ms | 94 ms |
decrypt | 499 ms | 96 ms |
rekey | 650 ms | 162 ms |
encrypt_string | 429 ms | 64 ms |
encrypt + decrypt | 1,087 ms | 168 ms |
See ./benchmark/results.html
for a detailed breakdown of the results after running the benchmark.
Built With
- go v1.16+
- make
- goreleaser
Deployment
Run ./release.sh $VERSION
This will update docs, changelog, add the tag, push main and the tag to the repo. The goreleaser
action will publish the binaries to the Github Release.
If you want to simulate the goreleaser
process, run the following command:
$ curl -sL https://git.io/goreleaser | bash -s -- --rm-dist --skip-publish --snapshot
Contributing
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
- Fork the GoodwayGroup/gwvault repo
- Use
go >= 1.16
- Branch & Code
- Run linters :broom:
golangci-lint run
- The project uses golangci-lint
- Commit with a Conventional Commit
- Open a PR
Versioning
We employ git-chglog to manage the CHANGELOG.md. For the versions available, see the tags on this repository.
Authors
- Derek Smith - @clok
- Paulo Black - @paulojblack
See also the list of contributors who participated in this project.
License
This project is licensed under the MIT License - see the LICENSE file for details
Acknowledgments
- Thank you to @pbthorste for doing the heavy lifting on avtool