ansible.parsing.vault package¶

class ansible.parsing.vault.VaultLib(password)[source]¶

Bases: object

is_encrypted(data)[source]¶

Test if this is vault encrypted data

Parameters:	data – a byte str or unicode string to test whether it is recognized as vault encrypted data
Returns:	True if it is recognized. Otherwise, False.

encrypt(data)[source]¶

Vault encrypt a piece of data.

Parameters:	data – a utf-8 byte str or unicode string to encrypt.
Returns:	a utf-8 encoded byte str of encrypted data. The string contains a header identifying this as vault encrypted data and formatted to newline terminated lines of 80 characters. This is suitable for dumping as is to a vault file.

decrypt(data)[source]¶

Decrypt a piece of vault encrypted data.

Parameters:	data – a string to decrypt. Since vault encrypted data is an ascii text format this can be either a byte str or unicode string.
Returns:	a byte string containing the decrypted data

class ansible.parsing.vault.VaultEditor(password)[source]¶

Bases: object

write_data(data, filename, shred=True)[source]¶

write data to given path

if shred==True, make sure that the original data is first shredded so that is cannot be recovered

class ansible.parsing.vault.VaultFile(password, filename)[source]¶

Bases: object

class ansible.parsing.vault.VaultAES[source]¶

Bases: object

aes_derive_key_and_iv(password, salt, key_length, iv_length)[source]¶: Create a key and an initialization vector

encrypt(data, password, key_length=32)[source]¶: Read plaintext data from in_file and write encrypted to out_file

decrypt(data, password, key_length=32)[source]¶: Read encrypted data from in_file and write decrypted to out_file

class ansible.parsing.vault.VaultAES256[source]¶

Bases: object

Vault implementation using AES-CTR with an HMAC-SHA256 authentication code. Keys are derived using PBKDF2

is_equal(a, b)[source]¶

Comparing 2 byte arrrays in constant time to avoid timing attacks.

It would be nice if there was a library for this but hey.