
Add check for encryption

master v0.1
IamTheFij 4 years ago
parent
commit
5903e6b85a
  1. 1
      .gitignore
  2. 6
      .pre-commit-hooks.yaml
  3. 7
      README.md
  4. 17
      encryption-check.sh
  5. 6
      hooks.yaml

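--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+tags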

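--- a/.pre-commit-hooks.yaml
+++ b/.pre-commit-hooks.yaml
@@ -0,0 +1,6 @@
+- id: encryption-check
+name: Ansible Vault Encryption Check
+description: Checks that vault files are encrypted
+entry: encryption-check.sh
+files: ((^|/)vault|vault.y[a]{0,1}ml$|.vault$)
+language: script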
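Review bot: The dots in the `files:` pattern are unescaped, so `vault.y[a]{0,1}ml$` and `.vault$` accept any character in those positions and the hook selects more names than the README describes. Escaping them, `files: ((^|/)vault|vault\.ya?ml$|\.vault$)`, keeps the selection to the intended names. The same pattern is repeated in hooks.yaml. Only files matching this pattern are ever passed to the script, so a comment such as `# secrets stored under other file names are not checked by this hook` would make the coverage limit explicit.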

7
README.md

@ -1,3 +1,8 @@
# ansible-pre-commit
Pre-commit hooks for working with Ansible
A set of [pre-commit](http://pre-commit.com) hooks that help with Ansible
## Hooks
### encryption-check
Verifies that vault files are encrypted. Defaults to checking files starting with `vault`, ending with `.vault.yml` or ending in `.vault`

17
encryption-check.sh

@ -0,0 +1,17 @@
#! /bin/bash
# Verifies that files passed in are encrypted
set -e
has_error=0
for file in $@ ; do
head -1 "$file" | grep --quiet '^\$ANSIBLE_VAULT;' || {
echo "ERROR: $file is not encrypted"
has_error=1
}
done
if [ $has_error ] ; then
echo "To ignore, use --no-verify"
fi
exit $has_error
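Review bot: `for file in $@` is unquoted, so a staged path containing whitespace or glob characters is split or expanded and the header test runs against names other than the file being committed; it should read `for file in "$@" ; do`. `if [ $has_error ]` tests for a non-empty string and is true for `0` as well, so the `--no-verify` hint is printed on clean runs too; `if [ "$has_error" -ne 0 ] ; then` matches the intent. The check reads only the first line, so a file that keeps the `$ANSIBLE_VAULT;` header above plaintext content passes. A comment such as `# Only the header line is inspected; the body is not validated` would state that limit.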

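--- a/hooks.yaml
+++ b/hooks.yaml
@@ -0,0 +1,6 @@
+- id: encryption-check
+name: Ansible Vault Encryption Check
+description: Checks that vault files are encrypted
+entry: encryption-check.sh
+files: ((^|/)vault|vault.y[a]{0,1}ml$|.vault$)
+language: script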