aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--filter_plugins/passwd.py29
1 files changed, 29 insertions, 0 deletions
diff --git a/filter_plugins/passwd.py b/filter_plugins/passwd.py
new file mode 100644
index 0000000..252cd6e
--- /dev/null
+++ b/filter_plugins/passwd.py
@@ -0,0 +1,29 @@
+# Copyright (c) 2018 Aaron LI <aly@aaronly.me>
+# MIT License
+
+"""
+Custom Ansible template filters to crypt/hash passwords.
+"""
+
+import os
+import base64
+import crypt
+
+
+def cryptpass(p):
+ """
+ Crypt the given plaintext password with salted SHA512 scheme,
+ which is supported by Linux/BSDs.
+ """
+ hashtype = "$6$"
+ saltlen = 16
+ salt = os.urandom(saltlen)
+ salt = base64.b64encode(salt)[:saltlen]
+ return crypt.crypt(p, hashtype+salt)
+
+
+class FilterModule(object):
+ def filters(self):
+ return {
+ "cryptpass": cryptpass,
+ }