2 files changed, 20 insertions, 4 deletions

diff --git a/src/lib/Bcfg2/Options.py b/src/lib/Bcfg2/Options.py
index e617e3e38..34f4b2bc6 100644
--- a/src/lib/Bcfg2/Options.py
+++ b/src/lib/Bcfg2/Options.py
@@ -907,6 +907,11 @@ DECRYPT = \
            default=False,
            cmd='--decrypt',
            long_arg=True)
+DECRYPT_STDOUT = \
+    Option('Decrypt the specified file to stdout',
+           default=False,
+           cmd='--stdout',
+           long_arg=True)
 CRYPT_PASSPHRASE = \
     Option('Encryption passphrase (name or passphrase)',
            default=None,
@@ -963,6 +968,7 @@ SERVER_COMMON_OPTIONS = dict(repo=SERVER_REPOSITORY,
 
 CRYPT_OPTIONS = dict(encrypt=ENCRYPT,
                      decrypt=DECRYPT,
+                     decrypt_stdout=DECRYPT_STDOUT,
                      passphrase=CRYPT_PASSPHRASE,
                      xpath=CRYPT_XPATH,
                      properties=CRYPT_PROPERTIES,
diff --git a/src/sbin/bcfg2-crypt b/src/sbin/bcfg2-crypt
index a40bab994..cb1b956fb 100755
--- a/src/sbin/bcfg2-crypt
+++ b/src/sbin/bcfg2-crypt
@@ -321,8 +321,8 @@ def main():
     if not setup['args']:
         print(setup.hm)
         raise SystemExit(1)
-    elif setup['encrypt'] and setup['decrypt']:
-        print("You cannot specify both --encrypt) and --decrypt")
+    elif setup['encrypt'] and (setup['decrypt_stdout'] or setup['decrypt']):
+        print("You cannot specify both --encrypt and --decrypt or --stdout")
         raise SystemExit(1)
     elif setup['cfg'] and setup['properties']:
         print("You cannot specify both --cfg and --properties")
@@ -375,9 +375,19 @@ def main():
         if setup['encrypt']:
             if not encryptor.encrypt(fname):
                 print("Failed to encrypt %s, skipping" % fname)
-        elif setup['decrypt']:
-            if not encryptor.decrypt(fname):
+        elif setup['decrypt'] or setup['decrypt_stdout']:
+            data = encryptor.decrypt(fname)
+            if not data:
                 print("Failed to decrypt %s, skipping" % fname)
+                continue
+            if setup['decrypt_stdout']:
+                if len(setup['args']) > 1:
+                    print("----- %s -----" % fname)
+                print(data)
+                if len(setup['args']) > 1:
+                    print("")
+            else:
+                encryptor.write_decrypted(fname, data=data)
         else:
             logger.info("Neither --encrypt nor --decrypt specified, "
                         "determining mode")