Skip to content
This repository has been archived by the owner on Sep 4, 2024. It is now read-only.
/ nanvault Public archive

A standalone CLI tool to encrypt and decrypt files in the Ansible Vault format

License

Notifications You must be signed in to change notification settings

marcobellaccini/nanvault

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

64 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

nanvault

nanvault tests GitHub release

nanvault is not-ansible-vault.

It is a standalone CLI tool to encrypt and decrypt files in the Ansible® Vault format.

Powerful: has UNIX-style composability - you can play with pipes!

Smart: it guesses what you want to do, based on piped input.

Batteries-included: it features a safe password generator and a YAML-string mode.

Thoroughly-tested: at the time of writing, there are more lines of code devoted to tests than to the program itself.

Free and open-source: released under the MIT license.

asciicast

Installation

GNU/Linux

You can download the latest binary from the releases page.

macOS

You can get the latest darwin build from the releases page.

Windows

Until the Crystal Windows porting is completed, you can go with Windows Subsystem for Linux.

From sources

If you prefer, you can build the program straight from the sources.

Usage

Generate a vault password file, then encrypt and decrypt files:

$ nanvault -g > passfile
$ echo "coolstuff" > test.txt
$ cat test.txt | nanvault -p passfile > test.enc
$ cat test.enc | nanvault -p passfile > decrypted_test.txt

Of course, you can provide your own ansible-vault password files.

If the NANVAULT_PASSFILE environment variable is set, the vault password file option may be omitted:

$ export NANVAULT_PASSFILE="passfile"
$ nanvault -g > $NANVAULT_PASSFILE
$ echo "Encrypt this! ^_^ " | nanvault
$ANSIBLE_VAULT;1.1;AES256
643439633661336237356434383036353...

If you want to provide a vault-id label, just use the right option:

$ echo "Encrypt this! ^_^ " | nanvault -l mylabel
$ANSIBLE_VAULT;1.2;AES256;mylabel
623466656431303538633462666133333935...

You can also convert data to and from YAML (this is compatible with ansible-vault encrypt_string):

$ echo "Encrypt this! ^_^ " | nanvault | nanvault -y mystuff
mystuff: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  653936313063303031376236373231336...
$ echo "Encrypt this! ^_^ " | nanvault | nanvault -y mystuff > my.yml
$ cat my.yml | nanvault -Y
$ANSIBLE_VAULT;1.1;AES256
6534346535376538306330623363653...
$ cat my.yml | nanvault -Y | nanvault
Encrypt this! ^_^

Get help and discover all the options:

$ nanvault -h

Development

nanvault is proudly programmed in Crystal.

<<Fast as C, Slick as Ruby>>

Building from sources

  1. Install Crystal. Please make sure to install libssl-dev and libyaml-dev too.
  2. Clone this repo (git clone https://github.com/marcobellaccini/nanvault)
  3. Build with shards (shards build)

Instead, if you have Docker, you can compile a statically-linked binary (using the official Crystal Alpine-Linux Docker images) by running the build script:

./build.sh [debug/release]

Contributing

  1. Fork it (https://github.com/marcobellaccini/nanvault/fork)
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request

Contributors


Ansible® is a registered trademark of Red Hat, Inc. in the United States and other countries.