5

How can I pass a password to my python script when it prompts for a password. I do not want the user to enter the password when it prompts. It should be passed directly from the script.

subprocess.run(['ansible-vault', 'decrypt', 'main.yml', 'linux.yml','--ask-vault-pass'])

While running the script it prompts for the password. I want the password to be passed from script only not by the user or passing a password file.

Is there a way to pass the password here? I have other ansible vault option like vault-password etc but that doesn't serve my purpose.

Samna Najeeb
  • 181
  • 2
  • 9
  • Does this answer your question? [How to read/process command line arguments?](https://stackoverflow.com/questions/1009860/how-to-read-process-command-line-arguments) – Shiva Apr 26 '21 at 09:54
  • This works when passed s argument. here the pasword is prompted and i want to pass it tried nit worked – Samna Najeeb Apr 27 '21 at 05:09
  • Instead of `--ask-valut-pass` can you try [--vault-password-file](https://docs.ansible.com/ansible/2.4/playbooks_vault.html#using-vault-in-playbooks) option? That way you just have pass the file path as one of subprocess.run argument. – Shiva Apr 27 '21 at 05:50
  • @shiva that doesnt serve my requirement. i cant place my password file outside the python script. This ask for password file – Samna Najeeb Apr 27 '21 at 06:21
  • Sorry, I didn't read the question properly. – Shiva Apr 27 '21 at 06:42

1 Answers1

3

Instead of using the cmdline ansible-vault, you can use the Python package - ansible-vault which will allow you to hardcode the password inside the script itself:

from ansible_vault import Vault

vault = Vault('password')
main_data = vault.load(open('main.yml').read())
linux_data = vault.load(open('linux.yaml').read())

As you are hardcoding the password inside the code, ensure you don't commit this code anywhere or send it to anyone, it's a serious security risk.

Shiva
  • 2,627
  • 21
  • 33
  • 1
    Even better- don't hardcode it into the code at all. Use a .env file to keep it secure, and use the security standards for that file (don't commit it to anywhere, etc.). – Xiddoc Apr 27 '21 at 10:34