Tags: encryption, ansible, ansible-vault

How to check if file is encrypted by ansible-vault?


I need to encrypt a file using ansible-vault. I would like to perform the encryption only if the file is not already encrypted by ansible-vault. I am trying to use this task in my Ansible playbook:

- local_action: command
    ansible-vault encrypt path/to/file
  when: <when file is not already encrypted by ansible-vault>

Is there a logic to use in the conditional statement that will check if a file is already encrypted by ansible-vault?


Solution

  • There is likely a myriad of ways to do it, all having little to do with Ansible and Ansible Vault itself. Here's one:

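    # grep -q exits 0 when the first line is a vault header, so "||" runs
    # ansible-vault only for files that are not yet encrypted
    - local_action: shell
        head -1 {{ file }} | grep -q '^\$ANSIBLE_VAULT' || ansible-vault encrypt {{ file }}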
    
    

    You'll also need --vault-password-file; otherwise Ansible will stop processing and wait at the prompt.
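
The following is an added example, not part of the original answer: a stricter form of the first-line check that also confirms the payload is hex text, so a file that merely starts with the header is not mistaken for a protected one. It assumes the documented `$ANSIBLE_VAULT;1.1;AES256` and `$ANSIBLE_VAULT;1.2;AES256;<vault-id>` header layouts; the function names and the password-file argument are hypothetical.

```sh
#!/bin/sh
# Added example: idempotent "encrypt only if needed" wrapper for ansible-vault.

# Exit status: 0 = vault file, 1 = not a vault file, 2 = missing/unreadable.
is_vault_encrypted() {
    { [ -f "$1" ] && [ -r "$1" ]; } || return 2
    # Header is the first line only; strip CR so CRLF checkouts still match.
    header=$(head -n 1 -- "$1" | tr -d '\r')
    case "$header" in
        '$ANSIBLE_VAULT;1.1;AES256') ;;       # classic header
        '$ANSIBLE_VAULT;1.2;AES256;'?*) ;;    # 1.2 adds a vault-id label
        *) return 1 ;;
    esac
    # The payload after the header is hex text; anything else means the
    # header is a look-alike (or the file is truncated) and it is NOT protected.
    body=$(tail -n +2 -- "$1" | tr -d '\r\n')
    [ -n "$body" ] || return 1
    case "$body" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    return 0
}

# $1 = file to protect, $2 = vault password file (path is the caller's choice).
encrypt_if_needed() {
    rc=0
    is_vault_encrypted "$1" || rc=$?
    case "$rc" in
        0) echo "unchanged: $1 is already vault-encrypted" ;;
        1) ansible-vault encrypt --vault-password-file "$2" "$1" ;;
        *) echo "error: $1 is missing or unreadable" >&2; return 2 ;;
    esac
}
```

From a playbook, the script can be sourced in a `shell` task and `encrypt_if_needed` called with the file and password-file paths.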