I need to encrypt a file using ansible-vault. I would like to perform the encryption only if the file is not already encrypted by ansible-vault. I am trying to use this task in my Ansible playbook:
- local_action: command
    ansible-vault encrypt path/to/file
  when: <when file is not already encrypted by ansible-vault>
Is there a logic to use in the conditional statement that will check if a file is already encrypted by ansible-vault?
There is likely a myriad of ways to do it, all having little to do with Ansible and Ansible Vault itself. Here's one:
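# grep -q exits 0 when the first line carries the vault header, so || runs the
# encryption only for unencrypted files and the task succeeds on encrypted ones.
- local_action: shell
    head -n 1 {{ file }} | grep -q \$ANSIBLE_VAULT || ansible-vault encrypt {{ file }}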
You'll also need --vault-password-file, otherwise Ansible will stop processing and wait on prompt.
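
The header check from the answer above, written out as a small shell helper that also covers empty and unreadable files and reports whether anything changed. This is an added example, not code from the original answer; the function names `is_vault_encrypted` and `encrypt_if_needed` are hypothetical.

```shell
#!/bin/sh
# Added example. Source this file from a playbook `shell` task, call
# encrypt_if_needed, and drive changed_when from the printed word.

# Exit status: 0 = first line starts with the Ansible Vault header,
#              1 = readable file without the header (plaintext or empty),
#              2 = not a readable regular file.
is_vault_encrypted() {
    [ -f "$1" ] && [ -r "$1" ] || return 2
    # read fails on an empty file or a final line without a newline; the
    # header test below still works on whatever was read, so ignore that.
    IFS= read -r first_line < "$1" || :
    case $first_line in
        # Anchored at the start of the line, unlike a plain grep match.
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Encrypt FILE with the password stored in PASSWORD_FILE unless FILE is
# already encrypted. Prints "changed" or "unchanged"; a non-zero status
# means a real error, never "already encrypted".
encrypt_if_needed() {
    file=$1
    password_file=$2
    rc=0
    is_vault_encrypted "$file" || rc=$?
    case $rc in
        0) echo unchanged ;;
        1) ansible-vault encrypt --vault-password-file "$password_file" \
               "$file" >/dev/null && echo changed ;;
        *) echo "cannot read $file" >&2; return 2 ;;
    esac
}
```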