From d9ce8cf1dfd47b919295aa3fbabfd222e5f54f88 Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@geeklabor.de>
Date: Thu, 8 Oct 2020 11:13:26 +0200
Subject: [PATCH] add option to pass Ansible vault password

---
 CHANGELOG.md         | 7 +++++--
 README.md            | 4 ++++
 overlay/bin/molecule | 5 ++++-
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 54596a0..664533c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,2 +1,5 @@
-- INTERNAL
-  - migrate to `thegeeklab` namespace
+- ENHANCEMENT
+  - Add env variable `MOLECULE_ANSIBLE_VAULT_PASSWORD`.
+    If the variable is set, the value is written to
+    `ANSIBLE_VAULT_PASSWORD_FILE=/root/.vaultpasswd and
+    passed to molecule.
diff --git a/README.md b/README.md
index 3809e8e..a81f77d 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,10 @@ MOLECULE_PLUGINS_DIR=$(pwd)/plugins
 # If you have custom filters you can specify a git repo containing these files.
 # Will be cloned to $MOLECULE_PLUGINS_DIR/filter
 MOLECULE_CUSTOM_FILTERS_REPO=
+
+# If the variable is set, the value is written to `ANSIBLE_VAULT_PASSWORD_FILE=/root/.vaultpasswd
+and automatically passed to molecule.
+MOLECULE_ANSIBLE_VAULT_PASSWORD=my_secret
 ```
 
 ## License
diff --git a/overlay/bin/molecule b/overlay/bin/molecule
index b96e99c..8ee9ab8 100755
--- a/overlay/bin/molecule
+++ b/overlay/bin/molecule
@@ -21,4 +21,7 @@ if [ -n "${MOLECULE_CUSTOM_FILTERS_REPO}" ]; then
     git clone "$MOLECULE_CUSTOM_FILTERS_REPO" "$WORKDIR" 2> /dev/null
 fi
 
-exec /usr/local/bin/molecule "$@"
+touch /root/.vaultpasswd
+echo "${MOLECULE_ANSIBLE_VAULT_PASSWORD}" > /root/.vaultpasswd
+
+exec env ANSIBLE_VAULT_PASSWORD_FILE=/root/.vaultpasswd /usr/local/bin/molecule "$@"