vault_encrypt_string
Encrypt sensitive strings securely using Ansible Vault by providing the string, vault ID, and password file, ensuring data protection in infrastructure operations.
Instructions
Encrypt a string using Ansible Vault
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| name | No | ||
| string | Yes | ||
| vault_id | No | ||
| vault_password_file | No |
Input Schema (JSON Schema)
{
"$schema": "http://json-schema.org/draft-07/schema#",
"additionalProperties": false,
"properties": {
"name": {
"type": "string"
},
"string": {
"minLength": 1,
"type": "string"
},
"vault_id": {
"type": "string"
},
"vault_password_file": {
"type": "string"
}
},
"required": [
"string"
],
"type": "object"
}
Implementation Reference
- The encryptString function that executes the core logic of the vault_encrypt_string tool by spawning ansible-vault encrypt_string and piping the input string.export async function encryptString(options: VaultEncryptStringOptions): Promise<string> { return new Promise((resolve, reject) => { const args = ['encrypt_string']; // Add vault ID if specified if (options.vault_id) { args.push(`--vault-id=${options.vault_id}`); } // Add vault password file if specified if (options.vault_password_file) { args.push(`--vault-password-file=${options.vault_password_file}`); } // Add name if specified if (options.name) { args.push(`--name=${options.name}`); } // Add --stdin flag to read from stdin args.push('--stdin'); console.error(`Executing: ansible-vault ${args.join(' ')} (with string piped to stdin)`); const vaultProcess = spawn('ansible-vault', args, { stdio: ['pipe', 'pipe', 'pipe'] }); let stdoutData = ''; let stderrData = ''; vaultProcess.stdout.on('data', (data) => { stdoutData += data.toString(); }); vaultProcess.stderr.on('data', (data) => { stderrData += data.toString(); }); vaultProcess.on('close', (code) => { if (code === 0) { resolve(stdoutData.trim()); } else { const errorMessage = stderrData || `ansible-vault exited with code ${code}`; reject(new AnsibleExecutionError(`Error encrypting string: ${errorMessage}`, stderrData)); } }); vaultProcess.on('error', (err) => { reject(new AnsibleExecutionError(`Failed to start ansible-vault: ${err.message}`)); }); // Write the string to encrypt to stdin vaultProcess.stdin.write(options.string); vaultProcess.stdin.end(); }); }
- Zod schema defining the input parameters for the vault_encrypt_string tool.export const VaultEncryptStringSchema = z.object({ string: z.string().min(1, 'String to encrypt is required'), vault_id: z.string().optional(), vault_password_file: z.string().optional(), name: z.string().optional(), }); export type VaultEncryptStringOptions = z.infer<typeof VaultEncryptStringSchema>;
- src/sysoperator/index.ts:80-84 (registration)Registration of the vault_encrypt_string tool in the toolDefinitions map, linking schema and handler.vault_encrypt_string: { description: 'Encrypt a string using Ansible Vault', schema: VaultEncryptStringSchema, handler: vault.encryptString, },