You can have subdirectories under group_vars/groupname/*.yml if you want, and some of those can be vault encrypted.
On Tue, Dec 9, 2014 at 9:28 AM, Hagai Kariti <[email protected]> wrote: > The pull request for the docs has been merged already. The relevant doc > page is here: http://docs.ansible.com/intro_inventory.html > > Just search for 'vault' in that page. It doesn't have info this thread > doesn't though... > > On Tue, Dec 9, 2014 at 3:14 PM, Chris Adams <[email protected]> > wrote: > >> Hi all, >> >> I just came across this after puzzling over how best to use ansible-vault >> to manage sensitive credentials in group vars, without encrypting >> everything, and I couldn't find the pull request for this when looking >> through the github issues for >> >> Would someone share a link to it? >> >> Thanks >> >> Chris >> >> On Friday, 23 May 2014 15:36:18 UTC+2, Hagai Kariti wrote: >>> >>> Yeah that's me :-) >>> On May 23, 2014 3:19 PM, "Michael DeHaan" <[email protected]> wrote: >>> >>>> Docs are open source and there's already an open pull request for that >>>> in the docs. >>>> >>>> >>>> >>>> >>>> On Thu, May 22, 2014 at 4:57 AM, Hagai Kariti <[email protected]> wrote: >>>> >>>>> >>>>> On Thu, May 22, 2014 at 1:16 AM, Michael DeHaan <[email protected]> >>>>> wrote: >>>>> >>>>>> "Using Vault in group_vars has the downside of losing version >>>>>> control on the vaulted file" >>>>>> >>>>>> This is not neccessarily the case. >>>>>> >>>>>> group_vars/ folders are also loaded if they live alongside the >>>>>> playbook, so that can be a good option. >>>>>> >>>>>> You could also keep the variables in a role vars/ directory and pull >>>>>> them in to hosts that need them. >>>>>> >>>>>> In fact, a role can contain nothing but vars, and that works too! >>>>>> >>>>>> >>>>> Yeah I know, but that's not helping my specific use case, as I need >>>>> different sensitive variables based on inventory, not role or playbook. >>>>> Serge's suggestion was what solved it for me - too bad this feature >>>>> isn't documented! >>>>> >>>>> >>>>>> >>>>>> On Wed, May 21, 2014 at 11:21 AM, Hagai Kariti <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Whoa, dude. Didn't know that trick. Yeah that actually solves my >>>>>>> case pretty nicely. Thanks a bunch. >>>>>>> >>>>>>> On Wednesday, May 21, 2014 6:16:19 PM UTC+3, Serge van Ginderachter >>>>>>> wrote: >>>>>>> >>>>>>>> >>>>>>>> On 21 May 2014 16:53, Hagai Kariti <[email protected]> wrote: >>>>>>>> >>>>>>>>> It's really the same idea as group_vars. For each group a host is >>>>>>>>> a member of, two files are included: >>>>>>>>> - The file under group_vars/, as usual >>>>>>>>> - The vaulted file under the vaulted group_vars dir >>>>>>>>> >>>>>>>>> This allows you to separate the sensitive and normal parts of your >>>>>>>>> group_vars, so that you won't lose version control on the normal >>>>>>>>> parts. >>>>>>>>> >>>>>>>> >>>>>>>> OK, actually, you already can do something similar, what I do: >>>>>>>> >>>>>>>> for each group X I have a directory group_vars/X/ >>>>>>>> >>>>>>>> every file in that dir will be loaded for group X >>>>>>>> then you van have a group_vars/X/secret.yml e.g. which is vaulted. >>>>>>>> >>>>>>>> Would that work for you? >>>>>>>> >>>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "Ansible Project" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To post to this group, send email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/ansible-project/ >>>>>>> cc0d252e-fb8b-407e-abf1-3bad7c19eae0%40googlegroups.com >>>>>>> <https://groups.google.com/d/msgid/ansible-project/cc0d252e-fb8b-407e-abf1-3bad7c19eae0%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to a topic in >>>>>> the Google Groups "Ansible Project" group. >>>>>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>>>>> topic/ansible-project/VgGIyBhFtZM/unsubscribe. >>>>>> To unsubscribe from this group and all its topics, send an email to >>>>>> [email protected]. >>>>>> To post to this group, send email to [email protected]. >>>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>>> msgid/ansible-project/CA%2BnsWgx4yAt_LJsc3nn%2BQWxhXDGd8_ >>>>>> aj2zk7pyGTEi1yKPBCvw%40mail.gmail.com >>>>>> <https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgx4yAt_LJsc3nn%2BQWxhXDGd8_aj2zk7pyGTEi1yKPBCvw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Ansible Project" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To post to this group, send email to [email protected]. >>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>> msgid/ansible-project/CAO0%3DbmHB44%3DyFj-oW7% >>>>> 2B25MCdzFytXjpCoCY82GoBqZGO%2BLiW0A%40mail.gmail.com >>>>> <https://groups.google.com/d/msgid/ansible-project/CAO0%3DbmHB44%3DyFj-oW7%2B25MCdzFytXjpCoCY82GoBqZGO%2BLiW0A%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> -- >>>> You received this message because you are subscribed to a topic in the >>>> Google Groups "Ansible Project" group. >>>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>>> topic/ansible-project/VgGIyBhFtZM/unsubscribe. >>>> To unsubscribe from this group and all its topics, send an email to >>>> [email protected]. >>>> To post to this group, send email to [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/ansible-project/CA%2BnsWgzLKR6MGbdOs3nVEDJJySvh8N >>>> 6GyZwC4%3DvYORoX4gYuOw%40mail.gmail.com >>>> <https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgzLKR6MGbdOs3nVEDJJySvh8N6GyZwC4%3DvYORoX4gYuOw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Ansible Project" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ansible-project/VgGIyBhFtZM/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/d98d99e1-b6ca-4899-93b7-904dab97aa3a%40googlegroups.com >> <https://groups.google.com/d/msgid/ansible-project/d98d99e1-b6ca-4899-93b7-904dab97aa3a%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAO0%3DbmHKqR4WPSD0hb_U3B8KyXa_ptb4okN3Fp--Y389qrheXA%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAO0%3DbmHKqR4WPSD0hb_U3B8KyXa_ptb4okN3Fp--Y389qrheXA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgxxCHr7%2BJODHpUfaHkrX6tsbyyU4m5GA0%3DPG23DMR91wg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
