viczem / ansible-keepass

Licence: MIT license
Ansible plugin to fetch data from KeePass database file

Ansible KeePass Lookup Plugin

From a security viewpoint, this solution is perhaps the same as ansible-vault. But if you already store secret data in KeePass, why not use it instead of duplicating it in ansible-vault?

Installation

Dependency: pykeepass==3.2.1

pip install 'pykeepass==3.2.1' --user
mkdir -p ~/.ansible/plugins/lookup && cd "$_"
curl https://raw.githubusercontent.com/viczem/ansible-keepass/master/keepass.py -o ./keepass.py

More about ansible plugins installation

Variables

  • keepass_dbx - path to KeePass file
  • keepass_psw - password; [optional] if the socket is used
  • keepass_key - [optional] path to keyfile

Usage

For global variables define them once in group_vars/all.

For security reasons, do not store the KeePass password in plain text. Use ansible-vault encrypt_string to encrypt the password. I'm not sure, but I think that for simplicity, it is safe to use the same ansible-vault password as the KeePass password. To decrypt the password, use --ask-vault-pass, e.g. ansible all -m ping --ask-vault-pass.

# file: group_vars/all

keepass_dbx: "~/.keepass/database.kdbx"
keepass_psw: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      ...

Alternative usage with UNIX socket

This usage is preferred for performance reasons, because the KeePass file stays decrypted and does not need to be reopened after each playbook task (see the issue for more info).

In this case, there is no need to enter the KeePass password each time Ansible is called. Start the socket with the command below, then enter the password to open the KeePass file.

Only Python 3 is supported.

python3 kpsock.py ~/.keepass/database.kdbx

The command creates a UNIX socket in the system temp directory. Only one socket

WARNING: The KeePass file and password remain decrypted in memory while the socket is open.

The socket times out 1 minute after the last access (it is closed automatically when not used). To change the timeout, use the --ttl argument. To log requests to a file, use --log (the default --log-level is INFO).

For help, run python kpsock.py --help

To send the running command to the background, press CTRL+Z and execute bg (use fg to bring the job back to the foreground).
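
A check for the exposure the WARNING above describes, as an added example (not part of ansible-keepass): it inspects a socket file's type, owner and mode, plus its parent directory. The socket path is supplied by the caller; the helper names and the demo-keepass.sock file name are hypothetical.

```python
import os
import socket
import stat


def audit_socket(path):
    """Return findings for a UNIX socket that fronts an unlocked KeePass file."""
    try:
        st = os.lstat(path)  # lstat: never follow a symlink planted in a temp dir
    except FileNotFoundError:
        return ["socket path does not exist"]
    if not stat.S_ISSOCK(st.st_mode):
        return ["path is not a UNIX socket (type bits %o)" % stat.S_IFMT(st.st_mode)]
    findings = []
    if st.st_uid != os.getuid():
        findings.append("socket is owned by uid %d, not the current user" % st.st_uid)
    # On Linux, connect() requires write permission on the socket file, so any
    # group/other bit widens the set of local accounts that can connect to it.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("socket is accessible to group/other (mode %03o)"
                        % stat.S_IMODE(st.st_mode))
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    shared = parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if shared and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is writable by others without the sticky bit")
    return findings


def make_constructed_socket(directory, mode):
    """Bind a throwaway socket (constructed sample, not kpsock.py's) with `mode`."""
    path = os.path.join(directory, "demo-keepass.sock")  # hypothetical file name
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, mode)
    return srv, path


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # created with mode 0700
        srv, sock_path = make_constructed_socket(tmp, 0o666)
        for finding in audit_socket(sock_path) or ["no findings"]:
            print(finding)
        srv.close()
```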

Example

Define the variables you need, e.g. in any file in group_vars:

ansible_user             : "{{ lookup('keepass', 'path/to/entry', 'username') }}"
ansible_become_pass      : "{{ lookup('keepass', 'path/to/entry', 'password') }}"
ansible_custom_field     : "{{ lookup('keepass', 'path/to/entry', 'custom_field_property', true) }}"
ansible_all_custom_fields: "{{ lookup('keepass', 'path/to/entry', '*', true) }}"

You can get other properties of a KeePass entry (not only username or password).

Specify a boolean value of true to use custom field properties.

Run ansible-doc -t lookup keepass to get a description of the plugin.
