We have in fact merged in the support for the --vault-password-file to take a script (marked chmod +x) that can return the vault password.
I just hadn't noticed that we merged it, which is all good :)

And yes, you're exactly right - the two PRs are different things altogether. The perils of a busy mailing list and too much going on.

We should still see about the gpg encryption method itself as well.

On Sat, Aug 2, 2014 at 1:12 PM, Dale <[email protected]> wrote:

> On Fri, Aug 1, 2014 at 6:37 AM, Michael DeHaan <[email protected]> wrote:
>
>> There's a pull request for direct GPG support in vault as well, that we need to evaluate
>>
>> https://github.com/ansible/ansible/pull/7174
>>
>> "Luckily, the next major release of Ansible will include the ability for vault_password_file to point at a script that will be run to get your passphrase."
>>
>> FYI - I don't remember merging this one. If we didn't merge that yet, I'm not opposed. Perhaps James did and I didn't notice, but there should be instructions added in docs to reference how to use it before this is complete.
>>
>> It may be a case of comparing the two submissions, can you please comment on the above pull request?
>>
>> Thanks!
>
> I'm sorry, I don't understand. What would you like me to comment on the above pull request for GPG vault file support? I don't have much to say about it, as I think this PR to use GPG for encrypting vault files is orthogonal to my script to use gpg-agent to store your vault passphrase. What I mean is that the PR you cited introduces a new vault encryption method, whereas my script will work with any vault encryption method that respects vault_password_file, including the default AES method and (apparently) this prospective GPG method.
>
> Of course, if you're actually invoking GPG, as in the above PR, then my script is probably not necessary as I expect GPG to use gpg-agent directly. (Though I can't tell if that's working quite right yet in the cited PR.)
>
> Dale
>
>> On Fri, Aug 1, 2014 at 1:48 AM, Dale <[email protected]> wrote:
>>
>>> Hi Ansible users,
>>>
>>> I've been trying to use vault lately but I got tired of having to enter my passphrase every time I ran ansible-playbook. I didn't want to put my passphrase into a file on disk, either. Luckily, the next major release of Ansible will include the ability for vault_password_file to point at a script that will be run to get your passphrase.[1] Using this new functionality I wrote a tiny vault_password_file script that reads your passphrase via gpg-agent. gpg-agent will then cache that passphrase for you (by default) so you won't have to enter it every time you run an Ansible command.
>>>
>>> I thought others might find this useful. If so, the script can be found at:
>>>
>>> https://github.com/dsedivec/ansible-plugins/blob/master/vault_from_gpg_agent.py
>>>
>>> To reiterate, as of right now I believe this will only work with Ansible from the Git devel branch.
>>>
>>> If an Ansible maintainer thinks this has a place in some more official repository somewhere I'm happy to make a pull request, just give me a hint where it should go.
>>>
>>> Regards,
>>> Dale
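
Added example, not part of the thread and not Dale's script: a minimal sketch of an executable vault password script of the kind discussed above, which asks gpg-agent for the passphrase through `gpg-connect-agent` so the agent can cache it instead of it sitting in a file on disk. It assumes `gpg-connect-agent` is on PATH with a running agent and pinentry; the cache ID and prompt strings are hypothetical.

```python
#!/usr/bin/env python3
"""Vault password script sketch: fetch the passphrase from gpg-agent."""
import subprocess
import sys
from urllib.parse import unquote_to_bytes

CACHE_ID = "ansible-vault:example"  # hypothetical cache key, pick your own


def _enc(text):
    # Assuan arguments are space-separated: encode ' ' as '+', escape '%'/'+'.
    return text.replace("%", "%25").replace("+", "%2B").replace(" ", "+")


def build_command(cache_id, prompt="Passphrase:", desc="Ansible vault passphrase"):
    """Build a GET_PASSPHRASE request for gpg-agent."""
    # 'X' in the error-message slot tells the agent to use its default.
    return "GET_PASSPHRASE --data %s X %s %s" % (cache_id, _enc(prompt), _enc(desc))


def parse_response(raw):
    """Extract the passphrase from raw gpg-connect-agent output (bytes)."""
    # Data arrives on 'D ' lines with %XX escapes and may span several lines.
    # 'ERR' means the user cancelled the prompt or the agent failed.
    data, ok = b"", False
    for line in raw.splitlines():
        if line.startswith(b"D "):
            data += unquote_to_bytes(line[2:])
        elif line.startswith(b"ERR"):
            raise RuntimeError("gpg-agent: " + line.decode("utf-8", "replace"))
        elif line == b"OK" or line.startswith(b"OK "):
            ok = True
    if not ok or not data:
        raise RuntimeError("gpg-agent returned no passphrase")
    return data.decode("utf-8")


def main():
    out = subprocess.run(
        ["gpg-connect-agent", build_command(CACHE_ID), "/bye"],
        stdout=subprocess.PIPE, check=True,
    ).stdout
    # Ansible runs the script and takes the vault password from its stdout.
    sys.stdout.write(parse_response(out) + "\n")


if __name__ == "__main__":
    main()
```

Mark the file executable and pass it with `--vault-password-file`; on failure it exits non-zero with the error on stderr and prints nothing to stdout.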
