ansible-vault edit changes sha1 of file even when edits are not saved

[Jim McMahon]

I want to view a file that has been encrypted with ansible-vault, but I don't want to make any changes. The ansible-vault command doesn't have an option to just cat the decrypted file.  Here are the options available:

➜  defaults git:(master) ✗ ansible-vault --help

Usage: ansible-vault [create|decrypt|edit|encrypt|rekey] [--help] [options] file_name

Options:

  -h, --help  show this help message and exit

See 'ansible-vault <command> --help' for more information on a specific command.

So I've been using ansible-vault edit command to view the file and then quit the editor without saving when done viewing the contents. Surprisingly, even though I quit out of the editor without saving, it changes the file anyway.  Why is this?  When I do a git status I see the file is modified and the SHA1 has been changed. See below for an example where no changes were saved:

➜  defaults git:(master) openssl sha1 main.yml

SHA1(main.yml)= 63acb6f65ae7d1ad34e047e80acd8857ebab5692

➜  defaults git:(master) ansible-vault edit main.yml 

Vault password: 

➜  defaults git:(master) ✗ openssl sha1 main.yml      

SHA1(main.yml)= 7c48df4f13402558c0e1ca691250a0e8be0bc548

[ra...@future500.nl]

Ansible vault actually supports the 'view' command, since two days ago (version 1.8).

There's also a pull request to update the docs on the website to reflect this.

- Ramon

Op vrijdag 28 november 2014 14:42:04 UTC+1 schreef Jim McMahon:

[Jim McMahon]

Thanks Ramon.  

The ansible-vault view command that's included with version 1.8 is just what I'm looking for.  Still I find it surprising that ansible-vault edit command with no saved editor modifications still changes the SHA-1 of the file. But at least I'm aware of this possibility.