Integrate the ansible vault directly into IntelliJ IDEA with context actions for vaulting and unvaulting secrets. This
makes working with ansible-vault a breeze!
Vault any text from within your yaml file, just hint Alt+Enter -> Vault ansible secret
Unvaulting is as easy as placing your cursor in the secret, hitting Alt+Enter -> Unvault ansible secret and you
are done!
- IDEA-based IDE compatible with the plugin
- Press (Ctrl+Alt+S/⌘/) to open the IDE settings and select Plugins.
- Search for
MJML Supportin the Marketplace and click Install.
Got a custom vault file for your project? - I got you covered with custom command line arguments!
In case you are using a script to provide your vault secret, the plugin provides the following environment variables:
| Environment variable | Content |
|---|---|
| IDEA_ANSIBLE_VAULT_CONTEXT_FILE | Absolute path to the file the vault/unvault action was triggered in |
| IDEA_ANSIBLE_VAULT_CONTEXT_DIRECTORY | Name of the directory the action was triggered in, NO path |
| IDEA_ANSIBLE_VAULT_CONTEXT_PROJECT_BASE_PATH | Absolute path of the project the action was triggered in |
| IDEA_ANSIBLE_VAULT_CONTEXT_PROJECT_NAME | Name of the project the action was triggered in |
Navigate to Settings | Tools | Ansible Vault
Use following cli args:
--vault-password-file .project-secret
Use following cli args:
--vault-password-file ~/.ansible-secret
Let's say you have an ansible setup with three stages (dev, qa, prod), with the following directory structure:
group-vars/
all/vars.yml
dev/vars.yml
qa/vars.yml
prod/vars.yml
For each maturity you have a different vault file following this pattern: .${maturity}.secret, you can use the following
configuration:
Cli args:
--vault-password-file .idea-get-vault-password.sh
Create the file .idea-get-vault-password.sh (0700):
#!/usr/bin/env bash
# Helper to show error message
__error_message() {
>&2 echo "$1"
exit 2
}
# Check script is not called directly
if [ -z "$IDEA_ANSIBLE_VAULT_CONTEXT_DIRECTORY" ]
then
__error_message "Call is not coming from IntelliJ Plugin"
fi
# Check context folder
case "$IDEA_ANSIBLE_VAULT_CONTEXT_DIRECTORY" in
# known maturities
dev|qa|prod)
secret_file=".${IDEA_ANSIBLE_VAULT_CONTEXT_DIRECTORY}.secret"
if [ -f "$secret_file" ]
then
cat ".${IDEA_ANSIBLE_VAULT_CONTEXT_DIRECTORY}.secret"
else
__error_message "Secret file '${secret_file}' not found"
fi
;;
# whoops something went wrong
*)
__error_message "Unsupported folder"
exit 2
;;
esacAnsible is great, but the ansible-vault is a piece of junk to use for passwords to encrypt and decrypt.
I love your input! I want to make contributing to this project as easy and transparent as possible, whether it's:
- Reporting a bug
- Discussing the current state of the configuration
- Submitting a fix
- Proposing new features
- Becoming a maintainer
To get started please read the Contribution Guidelines.
# To run unit tests
./gradlew test
# To run plugin verifier to check compability
./gradlew verifyPlugin./gradlew buildPlugin