Skip to content
Java utility to handle Ansible vaults from java programs.
Java
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src Added Apache 2.0 License. Work done on tests. Mar 24, 2016
.gitignore Release of first version Jun 4, 2015
LICENSE.txt Added Apache 2.0 License. Work done on tests. Mar 24, 2016
README.md
dependency-reduced-pom.xml 1.2.0 release Mar 24, 2016
pom.xml

README.md

Java Ansible Vault Utility Library

This library allows you to handle Ansible encrypted vaults.

Quick examples

Here are a couple of examples of how you could use this library

Easy peasy

JavaAnsibleVault uses https://github.com/EsotericSoftware/yamlbeans for serializing/deserializing objects to and from Ansible Vaults. This gives you very convenient ways of handling the vaults from Java.

Create an Ansible vault from a Java object

import net.wedjaa.ansible.vault.Manager;

public void createVault(Object someObject, String vaultPassword)
{
        try
        {
            String objectVault = manager.writeToVault(someObject, vaultPassword);
            // objectVault contains now an encrypted YML vault with the
            // object properties... do what you please with it....
        }
        catch (IOException ex)
        {
           // Something went wrong in creating the vault
        }
}

Deserialize a vault into a Java Object

import net.wedjaa.ansible.vault.Manager;

public void readVault(String vault, Class theObjectClass, String vaultPassword)
{
        try
        {
            Object deserializedObject = manager.getFromVault(theObjectClass, vault, vaultPassword);
            // deserializedObject is the object coming out from the vault - cast away!
        }
        catch (IOException ex)
        {
           // Something went wrong in opening and parsing the vault
        }
}

Full control

Create a vault from a buffer or a stream

import net.wedjaa.ansible.vault.crypto;

public void encryptVault(String data, String vaultPassword)
{
        try
        {
            // Get a byte array out of a byte array in
            byte [] encryptedVault = VaultHandler.encrypt(data.getBytes(), vaultPassword);
            // Or use streams
            VaultHandler.encrypt(inputClearStream, outputVaultStream, vaultPassword);
        } catch(Exception ex) {
            ex.printStackTrace();
            logger.warn("Failed to create vault: " + ex.getMessage());
        }
}

Read a vault from a buffer or a stream

import net.wedjaa.ansible.vault.crypto;

public void decryptVault(String vault, String vaultPassword)
{
        try
        {
            // Get a byte array out of a byte array in
            byte [] decryptedVault = VaultHandler.decrypt(vault.getBytes(), vaultPassword);
            // Or use streams
            VaultHandler.decrypt(inputVaultStream, outputCleartextStream, vaultPassword);
        } catch(Exception ex) {
            ex.printStackTrace();
            logger.warn("Failed to decrypt vault: " + ex.getMessage());
        }
}

Notices and Limitations

The library handles only the newest (version 1.1) format of the vaults. It will cry and crash and burn with any previous versions of the vaults.

Ansible uses 256 bits keys to handle encryption and decryption of the vaults, this means that in order to handle these vaults you will need to install the unrestricted policy files from Oracle. You have been warned.

You can’t perform that action at this time.