Hi all, I just came across this after puzzling over how best to use ansible-vault to manage sensitive credentials in group vars, without encrypting everything, and I couldn't find the pull request for this when looking through the github issues for
Would someone share a link to it? Thanks Chris On Friday, 23 May 2014 15:36:18 UTC+2, Hagai Kariti wrote: > > Yeah that's me :-) > On May 23, 2014 3:19 PM, "Michael DeHaan" <[email protected] > <javascript:>> wrote: > >> Docs are open source and there's already an open pull request for that in >> the docs. >> >> >> >> >> On Thu, May 22, 2014 at 4:57 AM, Hagai Kariti <[email protected] >> <javascript:>> wrote: >> >>> >>> On Thu, May 22, 2014 at 1:16 AM, Michael DeHaan <[email protected] >>> <javascript:>> wrote: >>> >>>> "Using Vault in group_vars has the downside of losing version control >>>> on the vaulted file" >>>> >>>> This is not neccessarily the case. >>>> >>>> group_vars/ folders are also loaded if they live alongside the >>>> playbook, so that can be a good option. >>>> >>>> You could also keep the variables in a role vars/ directory and pull >>>> them in to hosts that need them. >>>> >>>> In fact, a role can contain nothing but vars, and that works too! >>>> >>>> >>> Yeah I know, but that's not helping my specific use case, as I need >>> different sensitive variables based on inventory, not role or playbook. >>> Serge's suggestion was what solved it for me - too bad this feature >>> isn't documented! >>> >>> >>>> >>>> On Wed, May 21, 2014 at 11:21 AM, Hagai Kariti <[email protected] >>>> <javascript:>> wrote: >>>> >>>>> Whoa, dude. Didn't know that trick. Yeah that actually solves my case >>>>> pretty nicely. Thanks a bunch. >>>>> >>>>> On Wednesday, May 21, 2014 6:16:19 PM UTC+3, Serge van Ginderachter >>>>> wrote: >>>>> >>>>>> >>>>>> On 21 May 2014 16:53, Hagai Kariti <[email protected]> wrote: >>>>>> >>>>>>> It's really the same idea as group_vars. For each group a host is a >>>>>>> member of, two files are included: >>>>>>> - The file under group_vars/, as usual >>>>>>> - The vaulted file under the vaulted group_vars dir >>>>>>> >>>>>>> This allows you to separate the sensitive and normal parts of your >>>>>>> group_vars, so that you won't lose version control on the normal parts. >>>>>>> >>>>>> >>>>>> OK, actually, you already can do something similar, what I do: >>>>>> >>>>>> for each group X I have a directory group_vars/X/ >>>>>> >>>>>> every file in that dir will be loaded for group X >>>>>> then you van have a group_vars/X/secret.yml e.g. which is vaulted. >>>>>> >>>>>> Would that work for you? >>>>>> >>>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Ansible Project" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected] <javascript:>. >>>>> To post to this group, send email to [email protected] >>>>> <javascript:>. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/ansible-project/cc0d252e-fb8b-407e-abf1-3bad7c19eae0%40googlegroups.com >>>>> >>>>> <https://groups.google.com/d/msgid/ansible-project/cc0d252e-fb8b-407e-abf1-3bad7c19eae0%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> -- >>>> You received this message because you are subscribed to a topic in the >>>> Google Groups "Ansible Project" group. >>>> To unsubscribe from this topic, visit >>>> https://groups.google.com/d/topic/ansible-project/VgGIyBhFtZM/unsubscribe >>>> . >>>> To unsubscribe from this group and all its topics, send an email to >>>> [email protected] <javascript:>. >>>> To post to this group, send email to [email protected] >>>> <javascript:>. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgx4yAt_LJsc3nn%2BQWxhXDGd8_aj2zk7pyGTEi1yKPBCvw%40mail.gmail.com >>>> >>>> <https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgx4yAt_LJsc3nn%2BQWxhXDGd8_aj2zk7pyGTEi1yKPBCvw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected] <javascript:>. >>> To post to this group, send email to [email protected] >>> <javascript:>. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/CAO0%3DbmHB44%3DyFj-oW7%2B25MCdzFytXjpCoCY82GoBqZGO%2BLiW0A%40mail.gmail.com >>> >>> <https://groups.google.com/d/msgid/ansible-project/CAO0%3DbmHB44%3DyFj-oW7%2B25MCdzFytXjpCoCY82GoBqZGO%2BLiW0A%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Ansible Project" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ansible-project/VgGIyBhFtZM/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgzLKR6MGbdOs3nVEDJJySvh8N6GyZwC4%3DvYORoX4gYuOw%40mail.gmail.com >> >> <https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgzLKR6MGbdOs3nVEDJJySvh8N6GyZwC4%3DvYORoX4gYuOw%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d98d99e1-b6ca-4899-93b7-904dab97aa3a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
