prompt for new pass on create/encrypt if none specified (#28185)

* prompt for new pass on create/encrypt if none specified Make 'ansible-vault' edit or encrypt prompt for a password if none or provided elsewhere. Note: ansible-playbook does not prompt if not vault password is provided * dont show vault password prompts if not a tty
2026-05-06 13:22:48 +00:00 · 2017-08-15 13:09:24 -04:00
parent 09cc84c796
commit 8003437ebc
2 changed files with 86 additions and 1 deletions
--- a/lib/ansible/cli/init.py
+++ b/lib/ansible/cli/init.py
@@ -234,11 +234,17 @@ class CLI(with_metaclass(ABCMeta, object)):

        vault_ids = CLI.build_vault_ids(vault_ids,
                                        vault_password_files,
-                                        ask_vault_pass)
+                                        ask_vault_pass,
+                                        create_new_password)

        for vault_id_slug in vault_ids:
            vault_id_name, vault_id_value = CLI.split_vault_id(vault_id_slug)
            if vault_id_value in ['prompt', 'prompt_ask_vault_pass']:
+
+                # prompts cant/shouldnt work without a tty, so dont add prompt secrets
+                if not sys.stdin.isatty():
+                    continue
+
                # --vault-id some_name@prompt_ask_vault_pass --vault-id other_name@prompt_ask_vault_pass will be a little
                # confusing since it will use the old format without the vault id in the prompt
                built_vault_id = vault_id_name or C.DEFAULT_VAULT_IDENTITY