Check The Difference Between Files Encrypted With Ansible-Vault With Git Diff.
Introduction
git diff
will explain how to make the difference of the encrypted file in ansible-vault visible in.
Allows you to view vault files without a password
Create file ./ansible.cfg
in the project home directory.
# Specify the path of the file that stores the ansible-vault password
[defaults]
vault_password_file = ./.vault_password
Create a file to store the password (here .vault_password
)
somestrongpassword123
Add the password file to to prevent accidental commits to the repository in .gitignore
.vault_password
Set the text converter for vault files to ansible-vault
.git/config
Or~/.gitconfig
add the following description.
[diff "ansible-vault"]
textconv = ansible-vault view
cachetextconv = true
- Specify the path of the vault file
# *-vault.yml * .vault.yml can also be specified with wildcard
sample.vault.yml diff = ansible-vault merge = binary
Check file differences
Now, git diff
in you will be able to see the differences of the vault file.
$ git diff
diff --git i/sample.vault.yml w/sample.vault.yml
index 0a181e0..658372b 100644
--- i/sample.vault.yml
+++ w/sample.vault.yml
@@ -1,2 +1,2 @@
---
-test = test
+test = testtest
End
Diffs in encrypted files are now visible in ansible-vault, making it easier to inadvertently notice mistakes.
Reference
- Ansible.cfg specification
- .gitattributes, .gitconfig specifications