I currenty use vars_files because Ansible doesn't include these files automatically. I was suggesting making a standard place to put vaulted group_vars (or host_vars) and gave mine as an example. Do you object to the idea or just my convention?
On Wed, May 21, 2014 at 5:32 PM, Serge van Ginderachter < [email protected]> wrote: > If it's meant to be included by vars_file, that doesn't seem like a good > place to me. > Also, this would conflict if one has a 'vault' group, as dirs are also > allowed in host/group_vars, instead of plain files. > > > > On 21 May 2014 16:19, Hagai Kariti <[email protected]> wrote: > >> Hi all >> Using Vault in group_vars has the downside of losing version control on >> the vaulted file, so the logical thing is to separate sensitive variables >> from "normal" ones. >> What we do is create a vault/ subdirectory under group_vars and include >> that in vars_file. >> >> The dir structure looks like this: >> >> hosts >> group_vars/ >> vault/ >> some_group >> some_group >> >> >> And the playbook starts like this: >> >> - hosts: some_group >> vars: >> - "{{ inventory_dir }}/group_vars/vault/some_group >> >> >> It seems like a good convention, any thoughts about making it a feature? >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/433a9c7a-c091-4a81-a586-d44c25ae3973%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/433a9c7a-c091-4a81-a586-d44c25ae3973%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/VgGIyBhFtZM/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAEhzMJDshtwczt04PK%3D7S9XWuAcDmdERZvP8RbwCq8j7cqttFA%40mail.gmail.com<https://groups.google.com/d/msgid/ansible-project/CAEhzMJDshtwczt04PK%3D7S9XWuAcDmdERZvP8RbwCq8j7cqttFA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAO0%3DbmHCo_EqM2Ayv6w8-hznXZEjw1VLMLrF-yAK4YAJ9vASwg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
