add option to pass Ansible vault password

CHANGELOG.md

@@ -1,2 +1,5 @@
-- INTERNAL
-  - migrate to `thegeeklab` namespace
+- ENHANCEMENT
+  - Add env variable `MOLECULE_ANSIBLE_VAULT_PASSWORD`.
+    If the variable is set, the value is written to
+    `ANSIBLE_VAULT_PASSWORD_FILE=/root/.vaultpasswd and
+    passed to molecule.

README.md

@@ -26,6 +26,10 @@ MOLECULE_PLUGINS_DIR=$(pwd)/plugins
 # If you have custom filters you can specify a git repo containing these files.
 # Will be cloned to $MOLECULE_PLUGINS_DIR/filter
 MOLECULE_CUSTOM_FILTERS_REPO=
+
+# If the variable is set, the value is written to `ANSIBLE_VAULT_PASSWORD_FILE=/root/.vaultpasswd
+and automatically passed to molecule.
+MOLECULE_ANSIBLE_VAULT_PASSWORD=my_secret
 ```
 
 ## License

overlay/bin/molecule

@@ -21,4 +21,7 @@ if [ -n "${MOLECULE_CUSTOM_FILTERS_REPO}" ]; then
     git clone "$MOLECULE_CUSTOM_FILTERS_REPO" "$WORKDIR" 2> /dev/null
 fi
 
-exec /usr/local/bin/molecule "$@"
+touch /root/.vaultpasswd
+echo "${MOLECULE_ANSIBLE_VAULT_PASSWORD}" > /root/.vaultpasswd
+
+exec env ANSIBLE_VAULT_PASSWORD_FILE=/root/.vaultpasswd /usr/local/bin/molecule "$@"