The pull request for the docs has been merged already. The relevant doc page is here: http://docs.ansible.com/intro_inventory.html
Just search for 'vault' in that page. It doesn't have info this thread doesn't though... On Tue, Dec 9, 2014 at 3:14 PM, Chris Adams <[email protected]> wrote: > Hi all, > > I just came across this after puzzling over how best to use ansible-vault > to manage sensitive credentials in group vars, without encrypting > everything, and I couldn't find the pull request for this when looking > through the github issues for > > Would someone share a link to it? > > Thanks > > Chris > > On Friday, 23 May 2014 15:36:18 UTC+2, Hagai Kariti wrote: >> >> Yeah that's me :-) >> On May 23, 2014 3:19 PM, "Michael DeHaan" <[email protected]> wrote: >> >>> Docs are open source and there's already an open pull request for that >>> in the docs. >>> >>> >>> >>> >>> On Thu, May 22, 2014 at 4:57 AM, Hagai Kariti <[email protected]> wrote: >>> >>>> >>>> On Thu, May 22, 2014 at 1:16 AM, Michael DeHaan <[email protected]> >>>> wrote: >>>> >>>>> "Using Vault in group_vars has the downside of losing version control >>>>> on the vaulted file" >>>>> >>>>> This is not neccessarily the case. >>>>> >>>>> group_vars/ folders are also loaded if they live alongside the >>>>> playbook, so that can be a good option. >>>>> >>>>> You could also keep the variables in a role vars/ directory and pull >>>>> them in to hosts that need them. >>>>> >>>>> In fact, a role can contain nothing but vars, and that works too! >>>>> >>>>> >>>> Yeah I know, but that's not helping my specific use case, as I need >>>> different sensitive variables based on inventory, not role or playbook. >>>> Serge's suggestion was what solved it for me - too bad this feature >>>> isn't documented! >>>> >>>> >>>>> >>>>> On Wed, May 21, 2014 at 11:21 AM, Hagai Kariti <[email protected]> >>>>> wrote: >>>>> >>>>>> Whoa, dude. Didn't know that trick. Yeah that actually solves my case >>>>>> pretty nicely. Thanks a bunch. >>>>>> >>>>>> On Wednesday, May 21, 2014 6:16:19 PM UTC+3, Serge van Ginderachter >>>>>> wrote: >>>>>> >>>>>>> >>>>>>> On 21 May 2014 16:53, Hagai Kariti <[email protected]> wrote: >>>>>>> >>>>>>>> It's really the same idea as group_vars. For each group a host is a >>>>>>>> member of, two files are included: >>>>>>>> - The file under group_vars/, as usual >>>>>>>> - The vaulted file under the vaulted group_vars dir >>>>>>>> >>>>>>>> This allows you to separate the sensitive and normal parts of your >>>>>>>> group_vars, so that you won't lose version control on the normal parts. >>>>>>>> >>>>>>> >>>>>>> OK, actually, you already can do something similar, what I do: >>>>>>> >>>>>>> for each group X I have a directory group_vars/X/ >>>>>>> >>>>>>> every file in that dir will be loaded for group X >>>>>>> then you van have a group_vars/X/secret.yml e.g. which is vaulted. >>>>>>> >>>>>>> Would that work for you? >>>>>>> >>>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Ansible Project" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To post to this group, send email to [email protected]. >>>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>>> msgid/ansible-project/cc0d252e-fb8b-407e-abf1- >>>>>> 3bad7c19eae0%40googlegroups.com >>>>>> <https://groups.google.com/d/msgid/ansible-project/cc0d252e-fb8b-407e-abf1-3bad7c19eae0%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to a topic in the >>>>> Google Groups "Ansible Project" group. >>>>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>>>> topic/ansible-project/VgGIyBhFtZM/unsubscribe. >>>>> To unsubscribe from this group and all its topics, send an email to >>>>> [email protected]. >>>>> To post to this group, send email to [email protected]. >>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>> msgid/ansible-project/CA%2BnsWgx4yAt_LJsc3nn%2BQWxhXDGd8_ >>>>> aj2zk7pyGTEi1yKPBCvw%40mail.gmail.com >>>>> <https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgx4yAt_LJsc3nn%2BQWxhXDGd8_aj2zk7pyGTEi1yKPBCvw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/ansible-project/CAO0%3DbmHB44%3DyFj-oW7% >>>> 2B25MCdzFytXjpCoCY82GoBqZGO%2BLiW0A%40mail.gmail.com >>>> <https://groups.google.com/d/msgid/ansible-project/CAO0%3DbmHB44%3DyFj-oW7%2B25MCdzFytXjpCoCY82GoBqZGO%2BLiW0A%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "Ansible Project" group. >>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>> topic/ansible-project/VgGIyBhFtZM/unsubscribe. >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit https://groups.google.com/d/ >>> msgid/ansible-project/CA%2BnsWgzLKR6MGbdOs3nVEDJJySvh8N >>> 6GyZwC4%3DvYORoX4gYuOw%40mail.gmail.com >>> <https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgzLKR6MGbdOs3nVEDJJySvh8N6GyZwC4%3DvYORoX4gYuOw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/VgGIyBhFtZM/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/d98d99e1-b6ca-4899-93b7-904dab97aa3a%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/d98d99e1-b6ca-4899-93b7-904dab97aa3a%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAO0%3DbmHKqR4WPSD0hb_U3B8KyXa_ptb4okN3Fp--Y389qrheXA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
