
More things about Ansible vault that are a shame:

- no file encryption, only YML

- no separate values, only entire file

- OMG it's s...l...o...w...

- password based instead of certs

- only one password

- password cannot even be stored in an env var

More: http://jpmens.net/2014/02/22/my-thoughts-on-ansible-s-vault/



A good trick I found was to have a file with your values assigned as vault_something and then in the clear version have the variable assigned as: something: "{{ vault_something }}"

But yeah, the "only one password" is the biggest pain for me...


Actually, you can make the vault password file an executable shell script containing

echo "$ANSIBLE_VAULT_PASSWORD"
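The executable password-file approach from the comment above, as an added example that is not part of the original thread: it fails closed when the variable is missing instead of handing Ansible an empty password. The file name `vault-pass.sh` is hypothetical, and `ANSIBLE_VAULT_PASSWORD` is the variable name chosen in the comment, not an Ansible built-in.

```shell
#!/bin/sh
# Added example: executable vault password file (hypothetical name: vault-pass.sh).
# Ansible runs an executable password file and uses its stdout as the password.
# Usage: chmod 700 vault-pass.sh
#        ansible-playbook --vault-password-file ./vault-pass.sh site.yml

vault_password() {
    # Fail closed: an unset or empty variable must not become an empty password.
    if [ -z "${ANSIBLE_VAULT_PASSWORD:-}" ]; then
        echo "vault-pass: ANSIBLE_VAULT_PASSWORD is unset or empty" >&2
        return 1
    fi
    # Refuse to print the secret to an interactive terminal (and its scrollback).
    if [ -t 1 ]; then
        echo "vault-pass: stdout is a terminal, refusing to print" >&2
        return 1
    fi
    # printf, unlike echo, never treats a leading -n/-e as an option and
    # never expands backslash sequences inside the password.
    printf '%s\n' "$ANSIBLE_VAULT_PASSWORD"
}

# Run only when executed under the assumed file name, so the function can
# also be sourced into another script without side effects.
case "${0##*/}" in
    vault-pass*) vault_password || exit 1 ;;
esac
```

The secret still sits in the process environment, so it is readable by anything that can inspect that process; keep the script mode 700 and unset the variable once the run finishes.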


re: your last bullet point, I put my password as the only thing in a text file, then point the environment variable to that. Same effect, although it is one (small) extra step.



