add existing file encryption check

MaxBed4d · MaxBed4d · commit 74f582ab7e4e · 2024-11-19T14:41:46.000Z
diff --git a/etc/kayobe/ansible/wazuh-secrets.yml b/etc/kayobe/ansible/wazuh-secrets.yml
@@ -3,6 +3,7 @@
   gather_facts: false
   vars:
     wazuh_secrets_path: "{{ kayobe_env_config_path }}/wazuh-secrets.yml"
+    override_special_characters: '"#$%&()*+,-./:;<=>?@[\]^_{|}~'
   tasks:
     - name: install passlib[bcrypt]
       pip:
@@ -19,6 +20,22 @@
         path: "{{ wazuh_secrets_path }}"
       register: waz_exist_result
 
+    - name: Check if secret is encrypted
+      block:
+        - name: Try to decrypt secret
+          no_log: True
+          copy:
+            content: "{{ lookup('ansible.builtin.file', wazuh_secrets_path) | ansible.builtin.vault(ansible_vault_password) }}"
+            dest: "{{ wazuh_secrets_path }}"
+            decrypt: True
+          vars:
+            ansible_vault_password: "{{ lookup('ansible.builtin.env', 'KAYOBE_VAULT_PASSWORD') }}"
+      rescue:
+        - name: Secrets already decrypted
+          ansible.builtin.debug:
+            msg: 'Secret was already decrypted'
+      when: waz_exist_result.stat.exists
+
     - name: Template new secrets
       no_log: True
       template:
@@ -34,4 +51,3 @@
         decrypt: false
       vars:
         ansible_vault_password: "{{ lookup('ansible.builtin.env', 'KAYOBE_VAULT_PASSWORD') }}"
-      when: not waz_exist_result.stat.exists
