Would it be possible to extend this to use the ssh-agent?
> Op 2 aug. 2014 om 19:54 heeft Michael DeHaan <[email protected]> het > volgende geschreven: > > We have in fact merged in the support for the --vault-password-file to take a > script (marked chmod +x) that can return the vault password. > > I just hadn't noticed that we merged it, which is all good :) > > And yes, you're exactly right - the two PRs are different things all > together. The perils of a busy mailing list and too much going on. > > We should still see about the gpg encryption method itself as well. > > > > >> On Sat, Aug 2, 2014 at 1:12 PM, Dale <[email protected]> wrote: >>> On Fri, Aug 1, 2014 at 6:37 AM, Michael DeHaan <[email protected]> wrote: >>> There's a pull request for direct GPG support in vault as well, that we >>> need to evaluate >>> >>> https://github.com/ansible/ansible/pull/7174 >>> >>> "Luckily, the next major release of Ansible will include the ability for >>> vault_password_file to point at a script that will be run to get your >>> passphrase." >>> >>> FYI - I don't remember merging this one. If we didn't merge that yet, I'm >>> not opposed. Perhaps James did and I didn't notice, but there should be >>> instructions added in docs to reference how to use it before this is >>> complete. >>> >>> It may be a case of comparing the two submissions, can you please comment >>> on the above pull request? >>> >>> Thanks! >> >> I'm sorry, I don't understand. What would you like me to comment on the >> above pull request for GPG vault file support? I don't have much to say >> about it, as I think this PR to use GPG for encrypting vault files is >> orthogonal to my script to use gpg-agent to store your vault passphrase. >> What I mean is that the PR you cited introduces a new vault encryption >> method, whereas my script will work with any vault encryption method that >> respects vault_password_file, including the default AES method and >> (apparently) this prospective GPG method. >> >> Of course, if you're actually invoking GPG, as in the above PR, then my >> script is probably not necessary as I expect GPG to use gpg-agent directly. >> (Though I can't tell if that's working quite right yet in the cited PR.) >> >> Dale >> >> >>>> On Fri, Aug 1, 2014 at 1:48 AM, Dale <[email protected]> wrote: >>>> Hi Ansible users, >>>> >>>> I've been trying to use vault lately but I got tired of having to enter my >>>> passphrase every time I ran ansible-playbook. I didn't want to put my >>>> passphrase into a file on disk, either. Luckily, the next major release >>>> of Ansible will include the ability for vault_password_file to point at a >>>> script that will be run to get your passphrase.[1] Using this new >>>> functionality I wrote a tiny vault_password_file script that reads your >>>> passphrase via gpg-agent. gpg-agent will then cache that passphrase for >>>> you (by default) so you won't have to enter it every time you run an >>>> Ansible command. >>>> >>>> I thought others might find this useful. If so, the script can be found >>>> at: >>>> https://github.com/dsedivec/ansible-plugins/blob/master/vault_from_gpg_agent.py >>>> >>>> To reiterate, as of right now I believe this will only work with Ansible >>>> from the Git devel branch. >>>> >>>> If an Ansible maintainer thinks this has a place in some more official >>>> repository somewhere I'm happy to make a pull request, just give me a hint >>>> where it should go. >>>> >>>> Regards, >>>> Dale >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/CAEj9N4LFD-eiJ3DWCVXEY45crsyVhczqOjt-fR%3DLYV1tiQ4NGw%40mail.gmail.com. >> >> For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgz53Piaxd%3D_9FCtz_MBpNNqEs2h3fdUicDqM0af2wVNBQ%40mail.gmail.com. > For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME cryptographic signature
