This is a role that takes some ASCII gpg keys and encrypts a file with them. Change-Id: If2fe7921ff051a1c5d0589f5e32fba26d30ae96c
- name: Validate input file
|
|
fail:
|
|
msg: 'Must define "encrypt_file"'
|
|
when: encrypt_file is undefined
|
|
|
|
- name: Ensure gpg2 installed
|
|
package:
|
|
name: gnupg2
|
|
state: present
|
|
|
|
- name: Check for required keys
|
|
fail:
|
|
msg: 'Name {{ zj_recipient_name }} not in encrypt_file_keys'
|
|
when: zj_recipient_name not in encrypt_file_keys | map(attribute="name")
|
|
loop: '{{ encrypt_file_recipients }}'
|
|
loop_control:
|
|
loop_var: zj_recipient_name
|
|
|
|
- name: Build recipient list
|
|
set_fact:
|
|
_recipients: '{{ encrypt_file_keys | selectattr("name", "in", encrypt_file_recipients) | list }}'
|
|
|
|
- name: Install keys
|
|
include_tasks: import-key.yaml
|
|
loop: '{{ _recipients }}'
|
|
loop_control:
|
|
loop_var: zj_encrypt_file
|
|
|
|
- name: Build recipient list
|
|
set_fact:
|
|
_recipients_cmd: '--recipient={{ _recipients | map(attribute="key_id") | join(" --recipient=") }}'
|
|
|
|
- name: Encrypt file
|
|
command: 'gpg2 --encrypt --output {{ zj_encrypt_file }}.gpg {{ _recipients_cmd }} {{ zj_encrypt_file }}'
|
|
loop: '{{ [ encrypt_file ] if encrypt_file is string else encrypt_file }}'
|
|
loop_control:
|
|
loop_var: zj_encrypt_file
|
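Review bot: The `command:` string in the "Encrypt file" task is split on whitespace by the command module, so a path in `encrypt_file` containing spaces is broken into several gpg2 arguments, and the task also assumes gpg2 never needs terminal input. Quoting the path and running in batch mode covers both: `command: 'gpg2 --batch --encrypt --output {{ (zj_encrypt_file ~ ".gpg") | quote }} {{ _recipients_cmd }} {{ zj_encrypt_file | quote }}'`. Whether gpg2 accepts the imported keys as recipients without an interactive trust decision depends on import-key.yaml, which is outside this file, so the rendered command should be checked against a freshly imported key. Two points of style: the two set_fact tasks both named "Build recipient list" cannot be told apart in run output, and `zj_encrypt_file` names a key mapping in "Install keys" but a file path in "Encrypt file"; renaming the second task to "Build recipient arguments" and the last loop_var to e.g. `zj_encrypt_path` would remove both ambiguities.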