Interesting idea but I'd imagine going with a custom module instead of a filter plugin as you'd potentially want to store / update multiple variables within the vault.
Some logistical questions to ask yourself in your implementation: 1. Does this module support vault ids? 2. Can the password of the vault be the same or different from one used with running ansible itself? 3. Does this overwrite the vault with subsequent calls or should it merge new variables with existing content? Does it provide an option to overwrite? Lastly, I recommend looking at the Ansible code the interacts with vaults <https://github.com/ansible/ansible/blob/devel/lib/ansible/cli/vault.py> to see which modules you can import to make this happen without boiling the ocean. HTH, Andy On Monday, May 4, 2020 at 7:48:41 AM UTC-4, j1f0x wrote: > > I'd like to have a possibilty to generate vault file from within ansible > playbooks. > The particular problem is to fetch sensitive data for remote host and > store this data encrypted on the local host. > > on pypy ansible-vault is available, so there is no need to duplicatie the > functionality of encryption and decryption. > > What do you think about > > - Implementing a filter plugin > > set_fact: > encrypted_data: "{{ my_data | to_vault('~/.vault/ansible-vault') }}" > > > - Extend Modules 'copy', 'fetch' to allow encryption during copy > - encrypt: [ src | dest ] > > > What are your thougths about that? > > KR > Josef > > -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-devel/1f5d2085-00b7-43b3-8d9d-9e5aa287cd76%40googlegroups.com.
