There is indeed a way to specify this in the ansible.cfg file: [defaults] vault_password_file = /path/to/password_file
Additionally of note, is that the --vault-password-file can also be a script, and if marked as executable the script will be executed and can respond with the password. Then you can store your password in something like keychain on Mac and have the script retrieve it. (I've submitted a PR to show how to do this at https://github.com/ansible/ansible/pull/8561) On Tue, Sep 16, 2014 at 4:41 AM, Jason Harris <[email protected]> wrote: > Hi All, > > It would be handy to be able to specify a default vault-password-file in > the ansible configuration file. That way when we are operating within the > ansible role we can easily encrypt, edit, and decrypt files without having > to always add: > > --vault-password-file ~/.vault_pass.txt > > We can of course create a bash alias for this but it doesn't vary when we > are in different ansible projects... > > Also, it would be nice to have a ansible-vault cat | more | less etc to > easily look at the file contents. > > And in fact it might be nice to be able to have several passwords in > vault_pass, which are tried in succession. Ie we might have vault_pass.txt > be: > > general_pass : aYLNOrPGA9qEYDxs > aws_deploy_keys: BbqxyxGBqjSC3kVt > super_secrete_key: KeqZqnXvCHQJ7hDx > > That way we could handle out say the general_pass to some people working > on general things, and say give out the aws deploy keys to a smaller set of > people, and finally only a few people would know the super_secret_keys. > > Thanks, > Jason > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/888da30c-5c70-4eb5-8069-3a307f6dec30%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/888da30c-5c70-4eb5-8069-3a307f6dec30%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Matt Martz [email protected] http://sivel.net/ -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAD8N0v-OMDbs1yUEQzr5zGowQPM%2B-thVwpea55FGoBhjmQJwYw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
