Sorry, reading too fast, I thought I read "password" not file. I should mention this is an undocumented option, which we always strive to correct.
This should be listed here: http://docs.ansible.com/intro_configuration.html and also in examples/ansible.cfg Which gets shipped on RPM distros as the stock config file. Please file a bug or something, or a pull request -- if you would like -- and we'll take care of it. On Tue, Sep 16, 2014 at 8:35 AM, Matt Martz <[email protected]> wrote: > There is indeed a way to specify this in the ansible.cfg file: > > [defaults] > vault_password_file = /path/to/password_file > > Additionally of note, is that the --vault-password-file can also be a > script, and if marked as executable the script will be executed and can > respond with the password. Then you can store your password in something > like keychain on Mac and have the script retrieve it. (I've submitted a PR > to show how to do this at https://github.com/ansible/ansible/pull/8561) > > On Tue, Sep 16, 2014 at 4:41 AM, Jason Harris <[email protected]> > wrote: > >> Hi All, >> >> It would be handy to be able to specify a default vault-password-file in >> the ansible configuration file. That way when we are operating within the >> ansible role we can easily encrypt, edit, and decrypt files without having >> to always add: >> >> --vault-password-file ~/.vault_pass.txt >> >> We can of course create a bash alias for this but it doesn't vary when we >> are in different ansible projects... >> >> Also, it would be nice to have a ansible-vault cat | more | less etc to >> easily look at the file contents. >> >> And in fact it might be nice to be able to have several passwords in >> vault_pass, which are tried in succession. Ie we might have vault_pass.txt >> be: >> >> general_pass : aYLNOrPGA9qEYDxs >> aws_deploy_keys: BbqxyxGBqjSC3kVt >> super_secrete_key: KeqZqnXvCHQJ7hDx >> >> That way we could handle out say the general_pass to some people working >> on general things, and say give out the aws deploy keys to a smaller set of >> people, and finally only a few people would know the super_secret_keys. >> >> Thanks, >> Jason >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/888da30c-5c70-4eb5-8069-3a307f6dec30%40googlegroups.com >> <https://groups.google.com/d/msgid/ansible-project/888da30c-5c70-4eb5-8069-3a307f6dec30%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Matt Martz > [email protected] > http://sivel.net/ > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAD8N0v-OMDbs1yUEQzr5zGowQPM%2B-thVwpea55FGoBhjmQJwYw%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAD8N0v-OMDbs1yUEQzr5zGowQPM%2B-thVwpea55FGoBhjmQJwYw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgyXjKS47c5yYb6fnkm2-%3D%3DOV7LoPUehZObmkQ7HwgnshA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
