diff --git a/ansible-vault-check b/ansible-vault-check
new file mode 100755
index 0000000000000000000000000000000000000000..41aa16cba0d3f7cc5ff7ed90995925e88c9a1faf
--- /dev/null
+++ b/ansible-vault-check
@@ -0,0 +1,7 @@
+#!/bin/sh
+set -eu
+for filename in $@
+do
+ grep -q ANSIBLE_VAULT "$filename" || \
+ (echo "$filename is not vaulted." && exit 1)
+done
diff --git a/hooks.yaml b/hooks.yaml
index 3e7e89cb99a1b7e40c4a351ee487ee4c5d46fcee..e42edb5ddc98d063349b12cdbade75925e41cf83 100644
--- a/hooks.yaml
+++ b/hooks.yaml
@@ -1,7 +1,13 @@
 ---
-- id: ansible-pre-commit
+- id: ansible-syntax-check
 name: Check Ansible playbooks
 description: Check Ansible playbooks for syntax errors.
 language: script
 entry: ansible-syntax-check
 files: playbook.yml
+- id: ansible-vault-check
+ name: Verify vaulted files
+ description: Verify that Ansible Vault files are vaulted.
+ language: script
+ entry: ansible-vault-check
+ files: vault
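Review bot: The `grep -q ANSIBLE_VAULT "$filename"` test accepts any file that merely contains that word, so a plaintext secrets file with a comment mentioning it, or a file that mixes one inline-encrypted value with cleartext ones, passes the hook. Ansible Vault writes its header on the first line of an encrypted file, so the check is tighter as `head -n 1 "$filename" | grep -q '^\$ANSIBLE_VAULT;' || \`. The loop also expands `$@` unquoted, which splits paths containing spaces or glob characters; `for filename in "$@"` keeps each argument intact. Because of `set -e` the script exits at the first failing file, so a commit with several unvaulted files reports only one of them.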
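Review bot: `files: vault` in the new `ansible-vault-check` entry is unanchored, and if this file is consumed by pre-commit the value is a regular expression searched against the path, so the hook runs on every path containing "vault" and on nothing else. A role or playbook that only has "vault" in its name would be rejected, while secrets stored under any other name are never checked. An anchored pattern that follows the repository's naming convention makes the scope explicit, for example `files: (^|/)vault[^/]*\.ya?ml$` (constructed example; adjust to the real layout). Renaming the existing id from `ansible-pre-commit` to `ansible-syntax-check` will presumably break consumer configurations that still reference the old id, so it deserves a line in the release notes.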