Today I learned via Tristan (link to Twitter removed) about a library which is able to read and write Ansible vault files. I had a quick look because this might come in handy.

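#!/usr/bin/env python3.7
# Decrypt an Ansible vault file with the ansible_vault library.

from ansible_vault import Vault

# Demo password, hardcoded to match the session below.
vault = Vault('supersecurepassword')

# Vault.load() takes the encrypted text and returns the decrypted, parsed data.
with open('data.file') as f:
    data = vault.load(f.read())
print(data)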

This is not an official Ansible project, according to the project page, but it appears to do its job:

$ echo seekr1t > data.file
$ ansible-vault encrypt data.file
New Vault password:
Confirm New Vault password:
Encryption successful

$ head -1 data.file
$ANSIBLE_VAULT;1.1;AES256

$ ./jp.py
seekr1t

$ echo seekr1t > data.file
$ ansible-vault encrypt --vault-id PROD@prompt data.file
New vault password (PROD):
Confirm new vault password (PROD):
Encryption successful

$ head -1 data.file
$ANSIBLE_VAULT;1.2;AES256;PROD

$ ./jp.py
seekr1t

The code requires Ansible to be installed.
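
An added example (not from the original post or from the library it describes): using only the Python standard library, it parses the two header forms shown above and checks a password against the file's stored HMAC, without Ansible installed. The envelope layout and key derivation follow Ansible's documented vault format rather than anything on this page; the function names and the sample file built by `constructed_sample` are assumptions made for the illustration.

```python
import binascii
import hashlib
import hmac

def parse_vault(text):
    """Split a vault file into header fields and the raw salt/HMAC/ciphertext."""
    header, _, body = text.strip().partition("\n")
    fields = header.split(";")
    if fields[0] != "$ANSIBLE_VAULT" or len(fields) not in (3, 4):
        raise ValueError("not an Ansible vault header: %r" % header)
    # Format 1.1 has three fields; 1.2 adds the vault-id label as a fourth.
    label = fields[3] if len(fields) == 4 else None
    # The body is hex (wrapped at 80 columns) of "salt\nhmac\nciphertext",
    # where each of the three parts is itself hex-encoded.
    inner = binascii.unhexlify("".join(body.split()))
    salt, mac, ciphertext = (binascii.unhexlify(p) for p in inner.split(b"\n", 2))
    return {"version": fields[1], "cipher": fields[2], "vault_id": label,
            "salt": salt, "hmac": mac, "ciphertext": ciphertext}

def derive_keys(password, salt):
    """PBKDF2-HMAC-SHA256, 10000 rounds, 80 bytes: AES key, HMAC key, CTR IV."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10000, 80)
    return dk[:32], dk[32:64], dk[64:]

def hmac_matches(vault, password):
    """True if the password yields the stored HMAC over the ciphertext."""
    _, hmac_key, _ = derive_keys(password, vault["salt"])
    expected = hmac.new(hmac_key, vault["ciphertext"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, vault["hmac"])

def constructed_sample(password, label=None):
    """Build a CONSTRUCTED vault-shaped file (fixed salt, dummy ciphertext)."""
    salt, ciphertext = bytes(range(32)), b"\xaa" * 16   # not real encrypted data
    _, hmac_key, _ = derive_keys(password, salt)
    mac = hmac.new(hmac_key, ciphertext, hashlib.sha256).digest()
    inner = b"\n".join(binascii.hexlify(p) for p in (salt, mac, ciphertext))
    body = binascii.hexlify(inner).decode()
    lines = [body[i:i + 80] for i in range(0, len(body), 80)]
    header = "$ANSIBLE_VAULT;1.2;AES256;" + label if label else "$ANSIBLE_VAULT;1.1;AES256"
    return "\n".join([header] + lines) + "\n"

if __name__ == "__main__":
    for lbl in (None, "PROD"):
        v = parse_vault(constructed_sample("supersecurepassword", lbl))
        print(v["version"], v["vault_id"], hmac_matches(v, "supersecurepassword"))
```

A failed HMAC check means either the wrong password or a modified file; the two cannot be told apart from the file alone.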

ansible and vault :: 08 Feb 2020 :: e-mail