{ "info": { "author": "Charles Watkins", "author_email": "charles@titandws.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Operating System :: OS Independent", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3.7" ], "description": "# vaultfly\nAnsible login automation using ansible vault with templating and password tokens\n\n## What\n- vaultfly is for automating ssh login when you need to use a token\n\n## Install\n\n```bash\npip install vaultfly --user\n```\n\n## Tokens (the hard part)\n- To generate the token, you need access to the token definition file.\n- Most likely you dont have access to that. \n- The work arround is to generate your own and use that.\n- I use 'python-vipaccess2'. It will generate a Symantec compatible token\n- pip install python-vipaccess2 or pipenv....\n- instructions can be found at https://github.com/chris17453/vipaccessUI\n\n## Help\n\n```bash\n$ vaultfly\n\nusage: vault-fly [-h] [-i] [-b] [-r] [-v VAULT_FILE] [-vt VAULT_TEMPLATE]\n [-c CONFIG_FILE] [-p PASSWORD_FILE] [-t] [-sc] [-sv] [-vvv]\n\nCreate ansible vault login credentials on the fly.\n\noptional arguments:\n -h, --help show this help message and exit\n\nCommands:\n -i, --init init user config\n -b, --build build a new vault file\n -r, --random-pass generate a random password and save it to the password\n file\n\nConfig:\n -v VAULT_FILE, --vault-file VAULT_FILE\n login vault file to create\n -vt VAULT_TEMPLATE, --vault-template VAULT_TEMPLATE\n create vault file with this template\n -c CONFIG_FILE, --config-file CONFIG_FILE\n user config created from 'init'\n -p PASSWORD_FILE, --password-file PASSWORD_FILE\n single line text file with used for vault password\n -t, --token use token with password in (password+token)\n\nDisplay:\n -sc, --show-config view config file\n -sv, --show-vault view vault file\n -vvv, --verbose Display more execution info\n\n```\n\n\n## Walkthrough\n```bash\n# create a user config with a random password file\n[test]$ vaultfly -i -p test.pass -c test.config\n\nPassword file is invalid, Create random password? [y/N] y\n\nEnter SSH credentials that anssible will connect with:\nUser [nd]:chris17453\nPassword: \n\n# view password file\n[test]$ cat test.pass\niroen@yh#Ts5fV04*BWcvRFj$HLDazZd\n\n# view config file\n[test]$ cat test.config \n$ANSIBLE_VAULT;1.1;AES256\n62633361656165383232353630303864343531663530373131323363623535323362333564616462\n6137633635313839303137363965656262376238643238310a356432313061333863363737613939\n64656537326532623531633833663933363534316530383730646539303865333765353266643437\n3463383330663731330a343231323139613062333462633865636463643234643634636238316562\n65633135386636356438663434633538653239303732333732316635636466336263353162336434\n3332376162626231653630336636303734333035636538386236\n\n# create new vault file on the fly\n[test]$ vaultfly -b -p test.pass -c test.config -v test.vault\n\n# view test vault\n[test]$ cat test.vault\n$ANSIBLE_VAULT;1.1;AES256\n34333735653766373361383963643037666234626231613461633166623334613731363063623666\n3763343062333337653637303736363061623962373762610a613632393335666565333633663333\n37613430653936663230346364643866616239326235306262373432323366316337633965383663\n3361363535343661350a323266353536626635666364376432303966326635626464383565323763\n33326239303863393566396464396438663533316336623237353862363734373732366666396433\n35656665313163306662613363306338383163643762666537623364653533333466376537663261\n61326535316331366661663332323861316436303731613165333638663463363262396630633534\n31653230626165613431623235336334613139333631623665313435313139333931653062326534\n3163\n\n#show decrypted vault\n[test]$ vaultfly -p test.pass -c test.config -v test.vault -sv\nansible_connection: ssh\nansible_ssh_pass: mypassword\nansible_ssh_user: chris17453\n\n# display template for next example\n[test]$ cat template.vault\nbob: 4324\n\n# create vault on the fly with token using a template \n# display unencrypted vault file (the display option is for convienence)\n\n[test]$ vaultfly -b -p test.pass \\\n -c test.config \\\n -v test.vault \\\n -vt template.vault \\\n -t\n\nansible_connection: ssh\nansible_ssh_pass: mypassword803883\nansible_ssh_user: chris17453\nbob: 4324\n\n```\n\n\n## How to use with ansible?\n- First I created a template called tpl.vault\n```yaml\nansible_become: true\nansible_become_method: su\nansible_user: 'user'\nansible_become_exe: 'sudo su -'\n```\n- Next then made an inventory - > inventory.ini\n```yaml\n[test]\ntest-box1.com.internal\ntest-box2.com.internal\n```\n- Then I made an ansible play -> copy.yaml\n```yaml\n---\n- hosts: test\n gather_facts: False\n tasks:\n - name: Copy stuff if this is -> test-box1.com.internal\n copy:\n src: ../code/\n dest: /tmp/placetoputstuff\n owner: user\n group: group\n when: inventory_hostname == \"test-box1.com.internal\"\n\n - name: Copy stuff if this is -> test-box2.com.internal\n copy:\n src: ../code/\n dest: /tmp/different_placetoputstuff\n owner: user\n group: group\n when: inventory_hostname == \"test-box2.com.internal\"\n```\n- Finally I run the play everytime I want to upload some files\n```bash\n\n#build a new vault with a token\nvaultfly -b -t -vt tpl.vault -p my-pass-file -c my-config-file -v group_vars/all\n# run the play\nansible-playbook -i inventory.ini copy.yaml\n```\n\n## updates\n- I will make updates as required giving time\n\n## notes\n- 'make standalone' will build no dependency executable in \"dist/\"", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/chris17453/vaultfly/", "keywords": "", "license": "Creative Commons Attribution-Noncommercial-Share Alike license", "maintainer": "", "maintainer_email": "", "name": "vaultfly", "package_url": "https://pypi.org/project/vaultfly/", "platform": "", "project_url": "https://pypi.org/project/vaultfly/", "project_urls": { "Homepage": "https://github.com/chris17453/vaultfly/" }, "release_url": "https://pypi.org/project/vaultfly/1.0.18/", "requires_dist": null, "requires_python": "", "summary": "Ansible vault automation for ssh connections which may also require a token", "version": "1.0.18" }, "last_serial": 4652479, "releases": { "1.0.18": [ { "comment_text": "", "digests": { "md5": "68c88e9f6e0301320430752921a69c0a", "sha256": "2a3033a6b28ddee5f02766f93ac48107416c32f5c70024ab130336a9bf76a73e" }, "downloads": -1, "filename": "vaultfly-1.0.18.tar.gz", "has_sig": false, "md5_digest": "68c88e9f6e0301320430752921a69c0a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7368, "upload_time": "2018-12-24T11:42:30", "url": "https://files.pythonhosted.org/packages/3a/60/1e655ae22e17dfd670918b84884f38308df324842a5a920ee31d1349d12a/vaultfly-1.0.18.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "68c88e9f6e0301320430752921a69c0a", "sha256": "2a3033a6b28ddee5f02766f93ac48107416c32f5c70024ab130336a9bf76a73e" }, "downloads": -1, "filename": "vaultfly-1.0.18.tar.gz", "has_sig": false, "md5_digest": "68c88e9f6e0301320430752921a69c0a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7368, "upload_time": "2018-12-24T11:42:30", "url": "https://files.pythonhosted.org/packages/3a/60/1e655ae22e17dfd670918b84884f38308df324842a5a920ee31d1349d12a/vaultfly-1.0.18.tar.gz" } ] }