From 43d68e5cabc15c2798a2e435ae29c6602018814c Mon Sep 17 00:00:00 2001
From: NaeiKinDus
Date: Sun, 2 Mar 2025 00:00:00 +0000
Subject: [PATCH] feat(tooling): added tasks to ease en/decrypt operations on vault files

---
 Taskfile.yml | 7 +++++++
 scripts/pass_get_vault_id.sh | 6 ++++++
 tasks/setup_linux.yml | 1 +
 tasks/utils.yml | 27 +++++++++++++++++++++++++++
 4 files changed, 41 insertions(+)
 create mode 100755 scripts/pass_get_vault_id.sh
 create mode 100644 tasks/utils.yml

diff --git a/Taskfile.yml b/Taskfile.yml
index 45252d8..1bdbf44 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -3,14 +3,20 @@ version: '3'
 includes:
 setup: ./tasks/setup_{{OS}}.yml
 test: ./tasks/tests.yml
+ utils:
+ taskfile: ./tasks/utils.yml
+ flatten: true
 
 env:
 DOCKER_REPOSITORY: pouncetech/molecule
+ ANSIBLE_VAULT_PASSWORD_FILE: ./scripts/pass_get_vault_id.sh
 
 vars:
 PYTHON_WRAPPER: '{{.ROOT_DIR}}/scripts/python_wrapper.sh'
 MOLECULE_DIR: '{{.ROOT_DIR}}/collections/ansible_collections/nullified/infrastructure/extensions'
 COLLECTIONS_DIR: '{{.ROOT_DIR}}/collections/ansible_collections'
+ ANSIBLE_PASS_PATH: ansible/vault-id
+ ANSIBLE_PASS_LENGTH: 50
 
 tasks:
 setup:
@@ -20,6 +26,7 @@ tasks:
 - task: 'setup:venv'
 - task: 'setup:ansible'
 - task: 'setup:galaxy'
+ - task: 'vault:init'
 
 docker:build:
 desc: build docker images locally.
diff --git a/scripts/pass_get_vault_id.sh b/scripts/pass_get_vault_id.sh
new file mode 100755
index 0000000..e8205dc
--- /dev/null
+++ b/scripts/pass_get_vault_id.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+PASSWORD_STORE_BIN=${PASSWORD_STORE_BIN:-"pass"}
+ANSIBLE_PASS_PATH=${ANSIBLE_PASS_PATH:-"ansible/vault-id"}
+
+$PASSWORD_STORE_BIN show "${ANSIBLE_PASS_PATH}"
diff --git a/tasks/setup_linux.yml b/tasks/setup_linux.yml
index fedf2fb..1962986 100644
--- a/tasks/setup_linux.yml
+++ b/tasks/setup_linux.yml
@@ -11,6 +11,7 @@ tasks:
 build-essential \
 coreutils \
 curl \
+ pass \
 libcurl4-openssl-dev \
 libtool \
 python3-virtualenv \
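Review bot: `ANSIBLE_PASS_PATH: ansible/vault-id` is declared under `vars:` in the first hunk, but `scripts/pass_get_vault_id.sh` reads `ANSIBLE_PASS_PATH` from the environment and otherwise falls back to its own hard-coded `ansible/vault-id`; Task does not export `vars:` to child processes, so the two only agree by coincidence, and changing the var would make `vault:init` generate one `pass` entry while ansible-vault keeps reading another. Moving it under `env:` (same line, `ANSIBLE_PASS_PATH: ansible/vault-id`) gives a single source of truth that both the task and the script see. `ANSIBLE_VAULT_PASSWORD_FILE: ./scripts/pass_get_vault_id.sh` is resolved by ansible-vault against the current working directory rather than the repository root, so any task or shell run with a different `dir:` silently loses the password file; `env:` values are templated like `vars:`, so `'{{.ROOT_DIR}}/scripts/pass_get_vault_id.sh'` would pin it. A short comment above the `env:` entry saying that this script is what ansible-vault executes to obtain the vault password would make the coupling with `vault:init` visible to the next reader.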
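Review bot: `$PASSWORD_STORE_BIN` on the last line of scripts/pass_get_vault_id.sh is unquoted, so an override containing spaces is word-split, and the script has no `set -euo pipefail`, although the exit status of `pass show` does propagate because it is the final command. The one-line fix is `"$PASSWORD_STORE_BIN" show "${ANSIBLE_PASS_PATH}"` with `set -euo pipefail` after the shebang. Since ansible-vault uses everything this script prints on stdout as the password, and `pass show` prints the whole entry, a multi-line entry (password plus metadata) would, as far as I can tell, become a multi-line password; a header comment stating that the script is the `ANSIBLE_VAULT_PASSWORD_FILE` entry point and that the entry must contain only the password would document that contract.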
diff --git a/tasks/utils.yml b/tasks/utils.yml
new file mode 100644
index 0000000..62e59d4
--- /dev/null
+++ b/tasks/utils.yml
@@ -0,0 +1,27 @@
+version: '3'
+
+tasks:
+ encrypt:
+ desc: encrypt all vault.yml files using; requires creating a vault-id file in your home
+ vars:
+ VAULT_FILES:
+ sh: find . -type f -name vault.yml -and -not -path "./.venv/*"
+ cmds:
+ - for: { var: VAULT_FILES }
+ cmd: '{{.PYTHON_WRAPPER}} ansible-vault encrypt {{.ITEM | replace "\n" " " }} || true'
+
+ decrypt:
+ desc: encrypt all vault.yml files using; requires creating a vault-id file in your home
+ vars:
+ VAULT_FILES:
+ sh: find . -type f -name vault.yml -and -not -path "./.venv/*"
+ cmds:
+ - for: { var: VAULT_FILES }
+ cmd: '{{.PYTHON_WRAPPER}} ansible-vault decrypt {{.ITEM | replace "\n" " " }} || true'
+
+ vault:init:
+ desc: Create a vault id file in your home directory for encrypting/decrypting vault files
+ cmds:
+ - 'pass generate {{.ANSIBLE_PASS_PATH}} {{.ANSIBLE_PASS_LENGTH}} > /dev/null'
+ status:
+ - 'pass show {{.ANSIBLE_PASS_PATH}} &> /dev/null '
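Review bot: `|| true` on both `cmd:` lines hides every ansible-vault failure, and for `encrypt` that means a vault.yml left in plaintext (wrong password-file path, locked `pass` store, unreadable file) still exits 0 and can be committed unnoticed; the only error worth tolerating is a file that is already encrypted, which can be skipped explicitly instead, e.g. as a `|` block scalar: `grep -qs '^$ANSIBLE_VAULT;' "{{.ITEM}}" || {{.PYTHON_WRAPPER}} ansible-vault encrypt "{{.ITEM}}"`. The `desc:` of `decrypt` is copy-pasted from `encrypt` and still says "encrypt all vault.yml files". The `replace "\n" " "` filter looks redundant, since `for: { var: VAULT_FILES }` already splits the `find` output on whitespace by default, so `.ITEM` is one path, while the unquoted expansion breaks on paths containing spaces. `vault:init` fails outright when the password store has not been initialised (`pass init <gpg-id>`), which `setup` now depends on, and its `desc:` should say it creates a `pass` entry rather than a file in the home directory.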