"Using Vault in group_vars has the downside of losing version control on the vaulted file"
This is not neccessarily the case. group_vars/ folders are also loaded if they live alongside the playbook, so that can be a good option. You could also keep the variables in a role vars/ directory and pull them in to hosts that need them. In fact, a role can contain nothing but vars, and that works too! On Wed, May 21, 2014 at 11:21 AM, Hagai Kariti <[email protected]> wrote: > Whoa, dude. Didn't know that trick. Yeah that actually solves my case > pretty nicely. Thanks a bunch. > > On Wednesday, May 21, 2014 6:16:19 PM UTC+3, Serge van Ginderachter wrote: > >> >> On 21 May 2014 16:53, Hagai Kariti <[email protected]> wrote: >> >>> It's really the same idea as group_vars. For each group a host is a >>> member of, two files are included: >>> - The file under group_vars/, as usual >>> - The vaulted file under the vaulted group_vars dir >>> >>> This allows you to separate the sensitive and normal parts of your >>> group_vars, so that you won't lose version control on the normal parts. >>> >> >> OK, actually, you already can do something similar, what I do: >> >> for each group X I have a directory group_vars/X/ >> >> every file in that dir will be loaded for group X >> then you van have a group_vars/X/secret.yml e.g. which is vaulted. >> >> Would that work for you? >> >> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/cc0d252e-fb8b-407e-abf1-3bad7c19eae0%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/cc0d252e-fb8b-407e-abf1-3bad7c19eae0%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgx4yAt_LJsc3nn%2BQWxhXDGd8_aj2zk7pyGTEi1yKPBCvw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
