version: '3'

tasks:
  encrypt:
    desc: encrypt all vault.yml files using; requires creating a vault-id file in your home
    vars:
      VAULT_FILES:
        sh: find . -type f -name vault.yml -and -not -path "./.venv/*"
    cmds:
      - for: { var: VAULT_FILES }
        cmd: '{{.PYTHON_WRAPPER}} ansible-vault encrypt {{.ITEM | replace "\n" " " }} || true'

  decrypt:
    desc: encrypt all vault.yml files using; requires creating a vault-id file in your home
    vars:
      VAULT_FILES:
        sh: find . -type f -name vault.yml -and -not -path "./.venv/*"
    cmds:
      - for: { var: VAULT_FILES }
        cmd: '{{.PYTHON_WRAPPER}} ansible-vault decrypt {{.ITEM | replace "\n" " " }} || true'

  vault:init:
    desc: Create a vault id file in your home directory for encrypting/decrypting vault files
    cmds:
      - |
        pass show {{.ANSIBLE_PASS_PATH}} &> /dev/null ||
        pass generate {{.ANSIBLE_PASS_PATH}} {{.ANSIBLE_PASS_LENGTH}} > /dev/null
    status:
      - 'pass show {{.ANSIBLE_PASS_PATH}} &> /dev/null'