nanvault
nanvault
nanvault is not-ansible-vault.
It is a standalone CLI tool to encrypt and decrypt files in the Ansible® Vault format.
Powerful: has UNIX-style composability - you can play with pipes!
Smart: it guesses what you want to do, based on piped input.
Batteries-included: it features a safe password generator and a YAML-string mode.
Thoroughly-tested: at the time of writing, there are more lines of code devoted to tests than to the program itself.
Free and open-source: released under the MIT license.
Installation
GNU/Linux
You can download the latest binaries from the releases page.
Then, you may want to copy them in some handy path (e.g.: /usr/bin, /usr/local/bin).
macOS
At this moment, there are no precompiled binaries for you (the author is not a macOS user).
However:
- you can build the program from the sources (it's easier than you might expect!)
- ...and, if you feel like it, you can contribute to the project with your macOS skills
Windows
Until the Crystal Windows porting is completed, you can go with Windows Subsystem for Linux.
From sources
If you prefer, you can build the program straight from the sources.
Usage
Generate a vault password file, then encrypt and decrypt files:
$ nanvault -g > passfile
$ echo "coolstuff" > test.txt
$ cat test.txt | nanvault -p passfile > test.enc
$ cat test.enc | nanvault -p passfile > decrypted_test.txt
Of course, you can provide your own ansible-vault password files.
If the NANVAULT_PASSFILE environment variable is set, the vault password file option may be omitted:
$ export NANVAULT_PASSFILE="passfile"
$ nanvault -g > $NANVAULT_PASSFILE
$ echo "Encrypt this! ^_^ " | nanvault
$ANSIBLE_VAULT;1.1;AES256
643439633661336237356434383036353...
If you want to provide a vault-id label, just use the right option:
$ echo "Encrypt this! ^_^ " | nanvault -l mylabel
$ANSIBLE_VAULT;1.2;AES256;mylabel
623466656431303538633462666133333935...
You can also convert data to and from YAML (this is compatible with ansible-vault encrypt_string):
$ echo "Encrypt this! ^_^ " | nanvault | nanvault -y mystuff
mystuff: !vault |
$ANSIBLE_VAULT;1.1;AES256
653936313063303031376236373231336...
$ echo "Encrypt this! ^_^ " | nanvault | nanvault -y mystuff > my.yml
$ cat my.yml | nanvault -Y
$ANSIBLE_VAULT;1.1;AES256
6534346535376538306330623363653...
$ cat my.yml | nanvault -Y | nanvault
Encrypt this! ^_^
Get help and discover all the options:
$ nanvault -h
Development
nanvault is proudly programmed in Crystal.
<<Fast as C, Slick as Ruby>>
Building from sources
- Install Crystal. Please make sure to install libssl-dev and libyaml-dev too.
- Clone this repo (
git clone https://github.com/marcobellaccini/nanvault) - Build with shards (
shards build)
Instead, if you have Docker, you can compile a statically-linked binary (using the official Crystal Alpine-Linux Docker images) by running the build script:
./build.sh [debug/release]
Contributing
- Fork it (https://github.com/marcobellaccini/nanvault/fork)
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Add some feature') - Push to the branch (
git push origin my-new-feature) - Create a new Pull Request
Contributors
- Marco Bellaccini - creator, maintainer and cool guy
Ansible® is a registered trademark of Red Hat, Inc. in the United States and other countries.
nanvault: github: marcobellaccini/nanvault version: ~> 0.2.0
