allow to pass in ansible vault password in method signatures

Author: stefanseifert

tooling/conga-aem-crypto-cli/src/main/java/io/wcm/devops/conga/plugins/aem/tooling/crypto/cli/AnsibleVault.java

@@ -44,9 +44,19 @@ private AnsibleVault() {
    * @throws IOException I/O exception
    */
   public static void encrypt(File file) throws IOException {
+    encrypt(file, AnsibleVaultPassword.get());
+  }
+
+  /**
+   * Encrypts file with Ansible vault.
+   * @param file File to encrypt
+   * @param ansibleVaultPassword Ansible Vault Password
+   * @throws IOException I/O exception
+   */
+  public static void encrypt(File file, String ansibleVaultPassword) throws IOException {
     handleFile(file, data -> {
       try {
-        return VaultHandler.encrypt(data, AnsibleVaultPassword.get());
+        return VaultHandler.encrypt(data, ansibleVaultPassword);
       }
       catch (IOException ex) {
         throw new RuntimeException("Unable to encrypt file " + file.getPath(), ex);
@@ -60,9 +70,19 @@ public static void encrypt(File file) throws IOException {
    * @throws IOException I/O exception
    */
   public static void decrypt(File file) throws IOException {
+    decrypt(file, AnsibleVaultPassword.get());
+  }
+
+  /**
+   * Decrypts file with Ansible vault.
+   * @param file File to decrypt
+   * @param ansibleVaultPassword Ansible Vault Password
+   * @throws IOException I/O exception
+   */
+  public static void decrypt(File file, String ansibleVaultPassword) throws IOException {
     handleFile(file, data -> {
       try {
-        return VaultHandler.decrypt(data, AnsibleVaultPassword.get());
+        return VaultHandler.decrypt(data, ansibleVaultPassword);
       }
       catch (IOException ex) {
         throw new RuntimeException("Unable to decrypt file " + file.getPath(), ex);

tooling/conga-aem-crypto-cli/src/main/java/io/wcm/devops/conga/plugins/aem/tooling/crypto/cli/CryptoKeys.java

@@ -49,17 +49,29 @@ private CryptoKeys() {
    * @throws GeneralSecurityException Security exception
    */
   public static Stream<File> generate(File targetDir, boolean ansibleVaultEncrypt) throws GeneralSecurityException {
+    return generate(targetDir, ansibleVaultEncrypt, AnsibleVaultPassword.get());
+  }
+
+  /**
+   * Generates AES and HMAC crypto keys for AEM.
+   * @param targetDir Target directory
+   * @param ansibleVaultEncrypt If true, the crypto keys are encrypted with Ansible Vault.
+   * @param ansibleVaultPassword Ansible Vault Password
+   * @return Generated files
+   * @throws GeneralSecurityException Security exception
+   */
+  public static Stream<File> generate(File targetDir, boolean ansibleVaultEncrypt,
+      String ansibleVaultPassword) throws GeneralSecurityException {
     Stream<KeyItem> keys = Stream.of(
         new KeyItem("master", new AesCryptoSupport().generateKey().getEncoded()),
         new KeyItem("hmac", new HmacCryptoKeySupport().generateKey().getEncoded()));
     if (ansibleVaultEncrypt) {
-      keys = encryptKeys(keys);
+      keys = encryptKeys(keys, ansibleVaultPassword);
     }
     return writeKeys(keys, targetDir);
   }
 
-  private static Stream<KeyItem> encryptKeys(Stream<KeyItem> keys) {
-    String password = AnsibleVaultPassword.get();
+  private static Stream<KeyItem> encryptKeys(Stream<KeyItem> keys, String password) {
     return keys.map(key -> {
       try {
         return new KeyItem(key.getName(), VaultHandler.encrypt(key.getData(), password));