feat: add rbw plugin for secret management

.justfile

@@ -1,10 +1,6 @@
 # Repo management tasks
-mod repo '.devfiles/justfile'
 set dotenv-load := true
 
-export ANSIBLE_VAULT_PASSWORD_FILE := justfile_directory() + "/.decrypt-pass.txt"
-export ANSIBLE_BECOME_PASSWORD_FILE := justfile_directory() + "/.become-pass.txt"
-
 # Debug output, disabled in CI
 
 export ANSIBLE_DISPLAY_ARGS_TO_STDOUT := if env('CI', '') == 'true' { 'false' } else { 'true' }

ansible.cfg

@@ -170,7 +170,7 @@ inventory=/etc/ansible/hosts,./hosts/inventory.yaml
 ;log_path=
 
 # (pathspec) Colon separated paths in which Ansible will search for Lookup Plugins.
-;lookup_plugins=/home/aleidk/.ansible/plugins/lookup:/usr/share/ansible/plugins/lookup
+lookup_plugins=/home/aleidk/.ansible/plugins/lookup:/usr/share/ansible/plugins/lookup:./lookup_plugins/
 
 # (string) Sets the macro for the 'ansible_managed' variable available for :ref:`ansible_collections.ansible.builtin.template_module` and :ref:`ansible_collections.ansible.windows.win_template_module`.  This is only relevant for those two modules.
 ;ansible_managed=Ansible managed
@@ -185,7 +185,7 @@ inventory=/etc/ansible/hosts,./hosts/inventory.yaml
 ;module_name=command
 
 # (pathspec) Colon separated paths in which Ansible will search for Modules.
-;library=/home/aleidk/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
+# library=/home/aleidk/.ansible/plugins/modules:/usr/share/ansible/plugins/modules:./modules
 
 # (pathspec) Colon separated paths in which Ansible will search for Module utils files, which are shared by modules.
 ;module_utils=/home/aleidk/.ansible/plugins/module_utils:/usr/share/ansible/plugins/module_utils

lookup_plugins/rbw.py

@@ -0,0 +1,50 @@
+# python 3 headers, required if submitting to Ansible
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+import json
+import subprocess
+
+from ansible.errors import AnsibleError, AnsibleParserError
+from ansible.plugins.lookup import LookupBase
+from ansible.utils.display import Display
+from jinja2 import Environment
+
+DOCUMENTATION = r"""
+  name: rbw
+  short_description: get secrets using rbw
+  options:
+    _terms:
+      description: Name of the secret to get
+      required: True
+"""
+
+display = Display()
+
+
+def rbw(name: str):
+    sub = subprocess.run(["rbw", "get", name, "--raw"], capture_output=True)
+
+    secret = json.loads(sub.stdout)
+
+    display.debug(f'Obtaining data for "{secret["name"]}"')
+
+    return secret
+
+
+class LookupModule(LookupBase):
+    def run(self, terms, variables=None, **kwargs):
+        # First of all populate options,
+        # this will already take into account env vars and ini config
+        self.set_options(var_options=variables, direct=kwargs)
+
+        # lookups in general are expected to both take a list as input and output a list
+        # this is done so they work with the looping construct 'with_'.
+        ret = []
+        for term in terms:
+            secret = rbw(term)
+
+            ret.append(secret)
+
+        return ret

playbooks/initial-setup.yaml

@@ -0,0 +1,8 @@
+---
+- hosts: localhost
+  vars:
+     secret: "{{ lookup('rbw', 'Work Laptop') }}"
+  tasks:
+
+     - debug:
+         msg: the value of the secret is {{ secret.data.public_key }}