Credit for this little trick goes to Ironic Badger's Ansible GitHub repository, which he has stolen from someone else!
When setting up your Ansible playbooks you can include this script in the top directory and run it from the terminal to add this pre-commit hook. This will check to see if your vault is encrypted before committing to source control. Make sure you set the correct path for your vault!
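```bash
#!/bin/bash
# sets up a pre-commit hook to ensure that vault.yaml is encrypted
#
# credit goes to nick busey from homelabos for this neat little trick
# https://gitlab.com/NickBusey/HomelabOS/-/issues/355

if [ -d .git/ ]; then
    # -f: do not fail when no hook exists yet
    rm -f .git/hooks/pre-commit
    # quoted 'EOT' writes the hook body literally, so the grep pattern
    # below reaches the hook exactly as typed here
    cat <<'EOT' >> .git/hooks/pre-commit
#!/bin/bash
# single quotes keep $ANSIBLE_VAULT a literal string instead of an (empty)
# shell variable; ^ anchors the match to the start of a line
if ( git show :vars/vault.yaml | grep -q '^\$ANSIBLE_VAULT;' ); then
    echo "Vault Encrypted. Safe to commit."
else
    echo "Vault not encrypted! Run 'make encrypt' and try again."
    exit 1
fi
EOT
    chmod +x .git/hooks/pre-commit
fi
```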
Use a Makefile to run your Ansible playbook from the command line without typing in your password. Use the entry below and create a file with your vault password in
```makefile
remote:
	ansible-playbook ansible/playbook.remote.yml --vault-password-file .vault-password
```
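A stricter variant of the hook above, as an added example that is not from the original repository: it validates the full vault header on the first line of every staged vault file and also blocks the `.vault-password` file used by the Makefile entry. The `VAULT_PATTERN` naming convention and the function names are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not the original hook. Save as .git/hooks/pre-commit.
VAULT_PATTERN='(^|/)vault\.ya?ml$'   # assumption: vault files are named vault.yml/.yaml
PASSWORD_FILE='.vault-password'      # name used in the Makefile entry on this page

# True only if the first line on stdin is a complete Ansible Vault header,
# e.g. $ANSIBLE_VAULT;1.1;AES256 or $ANSIBLE_VAULT;1.2;AES256;label
has_vault_header() {
    head -n 1 | tr -d '\r' |
        grep -Eq '^\$ANSIBLE_VAULT;[0-9]+\.[0-9]+;AES256(;.+)?$'
}

# Judge one staged path; its staged content arrives on stdin.
# Returns 0 = fine, 1 = vault file in plaintext, 2 = password file staged.
check_entry() {
    p=$1
    case "$p" in
        "$PASSWORD_FILE"|*/"$PASSWORD_FILE") return 2 ;;
    esac
    if printf '%s\n' "$p" | grep -Eq "$VAULT_PATTERN"; then
        has_vault_header || return 1
    fi
    return 0
}

# Check every added/copied/modified/renamed path in the index, report all problems.
run_hook() {
    failed=0
    staged=$(git diff --cached --name-only --diff-filter=ACMR) || return 1
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        rc=0
        git show ":$path" | check_entry "$path" || rc=$?
        case $rc in
            1) echo "$path is not encrypted! Run 'make encrypt' and try again."; failed=1 ;;
            2) echo "$path holds the vault password and must not be committed."; failed=1 ;;
        esac
    done <<EOF
$staged
EOF
    return $failed
}

# Only act when installed as the hook, so the functions can be sourced and tested.
case "${0##*/}" in
    pre-commit) run_hook || exit 1 ;;
esac
```

Listing `.vault-password` in `.gitignore` as well keeps it out of `git add .` in the first place; the hook is the backstop for a forced add.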