gwvault - GoodwayGroup Ansible Vault

ansible-vault CLI reimplemented in go

ansible-vault is a very powerful tool and we wanted to simplifying the install and management of the tool as a standalone, cross platform tool.

Basic Usage

Please see the docs for details on the commands.

Use in place of ansible-vault. All commands are reimplemented. The tool will default to asking for your Vault password.

$ gwvault -h
NAME:
   gwvault - encryption/decryption utility for Ansible data files

USAGE:
   main [global options] command [command options] [arguments...]

COMMANDS:
   encrypt                            encrypt file
   decrypt                            decrypt file
   edit                               edit file and re-encrypt
   rekey                              alter encryption password and re-encrypt
   create                             create a new encrypted file
   view                               view inputs of encrypted file
   encrypt_string, av_encrypt_string  encrypt provided string, output in ansible-vault format
   install-manpage                    Generate and install man page
   version, v                         Print version info
   help, h                            Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --vault-password-file VAULT_PASSWORD_FILE          vault password file VAULT_PASSWORD_FILE
   --new-vault-password-file NEW_VAULT_PASSWORD_FILE  new vault password file for rekey NEW_VAULT_PASSWORD_FILE
   --help, -h                                         show help (default: false)

Installation

asdf plugin

Add plugin:

$ asdf plugin add gwvault

Install the latest version:

$ asdf install gwvault latest

Homebrew (for macOS users)

brew tap GoodwayGroup/gwvault
brew install gwvault

curl binary

$ curl https://i.jpillora.com/GoodwayGroup/gwvault! | bash

docker

The compiled docker images are maintained on GitHub Container Registry (ghcr.io). We maintain the following tags:

docker pull ghcr.io/goodwaygroup/gwvault
docker run -v "$PWD":/workdir ghcr.io/goodwaygroup/gwvault --version

man page

To install man page:

$ gwvault install-manpage

Benchmarks

Benchmarking done using bench. Execute the benchmark/run.sh script to generate a new benchmark.

As compared to ansible-vault (v2.9.11 on python v3.8.5), typical actions take a 80% less time to complete.

image

Action ansible-vault gwvault
encrypt 482 ms 94 ms
decrypt 499 ms 96 ms
rekey 650 ms 162 ms
encrypt_string 429 ms 64 ms
encrypt + decrypt 1,087 ms 168 ms

See ./benchmark/results.html for a detailed breakdown of the results after running the benchmark.

Built With

Deployment

Run ./release.sh $VERSION

This will update docs, changelog, add the tag, push main and the tag to the repo. The goreleaser action will publish the binaries to the Github Release.

If you want to simulate the goreleaser process, run the following command:

$ curl -sL https://git.io/goreleaser | bash -s -- --rm-dist --skip-publish --snapshot

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

  1. Fork the GoodwayGroup/gwvault repo
  2. Use go >= 1.16
  3. Branch & Code
  4. Run linters :broom: golangci-lint run
  5. Commit with a Conventional Commit
  6. Open a PR

Versioning

We employ git-chglog to manage the CHANGELOG.md. For the versions available, see the tags on this repository.

Authors

See also the list of contributors who participated in this project.

License

This project is licensed under the MIT License - see the LICENSE file for details

Acknowledgments

Sponsors

goodwaygroup