vault_decrypt_string
Decrypt Ansible Vault encrypted strings using vault ID and password file to access secure configuration data.
Instructions
Decrypt a string encrypted with Ansible Vault
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| string | Yes | ||
| vault_id | No | ||
| vault_password_file | No |
Implementation Reference
- Implements the core logic for decrypting an Ansible Vault encrypted string using ansible-vault decrypt command, with temporary file handling and error management.export async function decryptString(options: VaultDecryptStringOptions): Promise<string> { let tempDir: string | undefined; try { // Create a unique temporary directory tempDir = await createTempDirectory('ansible-vault-decrypt'); // Write the encrypted string to a temporary file const tempFilePath = await writeTempFile(tempDir, 'encrypted.txt', options.string); // Build the decrypt command arguments const args = ['decrypt', tempFilePath, '--output=-']; // Output to stdout // Add vault ID if specified if (options.vault_id) { args.splice(1, 0, `--vault-id=${options.vault_id}`); // Insert after 'decrypt' } // Add vault password file if specified if (options.vault_password_file) { args.splice(1, 0, `--vault-password-file=${options.vault_password_file}`); // Insert after 'decrypt' } const command = `ansible-vault ${args.join(' ')}`; console.error(`Executing: ${command}`); // Execute the command asynchronously const { stdout, stderr } = await execAsync(command); return stdout.trim(); } catch (error: any) { // Handle execution errors const errorMessage = error.stderr || error.message || 'Unknown error'; throw new AnsibleExecutionError(`Error decrypting string: ${errorMessage}`, error.stderr); } finally { // Ensure cleanup happens even if errors occur if (tempDir) { await cleanupTempDirectory(tempDir); } } }
- Zod schema defining the input parameters for the vault_decrypt_string tool: encrypted string (required), optional vault_id and vault_password_file.export const VaultDecryptStringSchema = z.object({ string: z.string().min(1, 'Encrypted string is required'), vault_id: z.string().optional(), vault_password_file: z.string().optional(), }); export type VaultDecryptStringOptions = z.infer<typeof VaultDecryptStringSchema>;
- src/sysoperator/index.ts:85-89 (registration)Registers the 'vault_decrypt_string' tool in the toolDefinitions map, linking its description, input schema, and handler function.vault_decrypt_string: { description: 'Decrypt a string encrypted with Ansible Vault', schema: VaultDecryptStringSchema, handler: vault.decryptString, },