Hi,
I'm using the following naming scheme in my projects:
[inventory_group]/secret/self-documented-name.yml
For example:
group_vars
├── all
│   └── secret
│       ├── deployment_keys.yml
│       ├── api_keys.yml
│       └── hipchat_token.yml
├── redis
│   └── secret
│       └── aws.yml
└── webapp
    └── secret
        └── ssl.yml
I hope it would be useful.
-- Best, Igor
On Tue, Dec 9, 2014 at 5:40 PM, Michael DeHaan <[email protected]> wrote:
> You can have subdirectories under group_vars/groupname/*.yml if you want,
> and some of those can be vault encrypted.
>
>
>
> On Tue, Dec 9, 2014 at 9:28 AM, Hagai Kariti <[email protected]> wrote:
>>
>> The pull request for the docs has been merged already. The relevant doc
>> page is here: http://docs.ansible.com/intro_inventory.html
>>
>> Just search for 'vault' in that page. It doesn't have info this thread
>> doesn't though...
>>
>> On Tue, Dec 9, 2014 at 3:14 PM, Chris Adams <[email protected]>
>> wrote:
>>>
>>> Hi all,
>>>
>>> I just came across this after puzzling over how best to use ansible-vault
>>> to manage sensitive credentials in group vars, without encrypting
>>> everything, and I couldn't find the pull request for this when looking
>>> through the github issues for
>>>
>>> Would someone share a link to it?
>>>
>>> Thanks
>>>
>>> Chris
>>>
>>> On Friday, 23 May 2014 15:36:18 UTC+2, Hagai Kariti wrote:
>>>>
>>>> Yeah that's me :-)
>>>>
>>>> On May 23, 2014 3:19 PM, "Michael DeHaan" <[email protected]> wrote:
>>>>>
>>>>> Docs are open source and there's already an open pull request for that
>>>>> in the docs.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Thu, May 22, 2014 at 4:57 AM, Hagai Kariti <[email protected]> wrote:
>>>>>>
>>>>>>
>>>>>> On Thu, May 22, 2014 at 1:16 AM, Michael DeHaan <[email protected]>
>>>>>> wrote:
>>>>>>>
>>>>>>> "Using Vault in group_vars has the downside of losing version control
>>>>>>> on the vaulted file"
>>>>>>>
>>>>>>> This is not necessarily the case.
>>>>>>>
>>>>>>> group_vars/ folders are also loaded if they live alongside the
>>>>>>> playbook, so that can be a good option.
>>>>>>>
>>>>>>> You could also keep the variables in a role vars/ directory and pull
>>>>>>> them in to hosts that need them.
>>>>>>>
>>>>>>> In fact, a role can contain nothing but vars, and that works too!
>>>>>>>
>>>>>>
>>>>>> Yeah I know, but that's not helping my specific use case, as I need
>>>>>> different sensitive variables based on inventory, not role or playbook.
>>>>>> Serge's suggestion was what solved it for me - too bad this feature
>>>>>> isn't documented!
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, May 21, 2014 at 11:21 AM, Hagai Kariti <[email protected]>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Whoa, dude. Didn't know that trick. Yeah that actually solves my
>>>>>>>> case pretty nicely. Thanks a bunch.
>>>>>>>>
>>>>>>>> On Wednesday, May 21, 2014 6:16:19 PM UTC+3, Serge van Ginderachter
>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 21 May 2014 16:53, Hagai Kariti <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>> It's really the same idea as group_vars. For each group a host is
>>>>>>>>>> a member of, two files are included:
>>>>>>>>>> - The file under group_vars/, as usual
>>>>>>>>>> - The vaulted file under the vaulted group_vars dir
>>>>>>>>>>
>>>>>>>>>> This allows you to separate the sensitive and normal parts of your
>>>>>>>>>> group_vars, so that you won't lose version control on the normal
>>>>>>>>>> parts.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> OK, actually, you already can do something similar, what I do:
>>>>>>>>>
>>>>>>>>> for each group X I have a directory group_vars/X/
>>>>>>>>>
>>>>>>>>> every file in that dir will be loaded for group X
>>>>>>>>> then you can have a group_vars/X/secret.yml e.g. which is vaulted.
>>>>>>>>>
>>>>>>>>> Would that work for you?
>>>>>>>>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAGuansqzkOx5d_9TrV4JC%3Dqq4r6m3osuRiRM4xzxiwTVR_Tpdg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
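
Added example, not part of the original thread or of Ansible itself: a check that every file under a group's secret/ directory (the layout shown at the top of this message) starts with the ansible-vault file header, so a secret left in plaintext is caught before it is committed. The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

VAULT_HEADER = b"$ANSIBLE_VAULT;"  # first bytes of every ansible-vault encrypted file

def find_plaintext_secrets(group_vars_root):
    """Return relative paths under <group>/secret/ that are not vault-encrypted."""
    offenders = []
    for dirpath, _dirs, files in os.walk(group_vars_root):
        rel_dir = os.path.relpath(dirpath, group_vars_root)
        parts = rel_dir.split(os.sep)
        # Layout from the post: <inventory_group>/secret/<name>.yml
        if len(parts) < 2 or parts[1] != "secret":
            continue
        for name in files:
            with open(os.path.join(dirpath, name), "rb") as fh:
                head = fh.read(len(VAULT_HEADER))
            if head != VAULT_HEADER:  # also catches empty files
                offenders.append(os.path.join(rel_dir, name))
    return sorted(offenders)

def build_sample_tree(root):
    """Constructed sample data: placeholder bodies, not real ciphertext or keys."""
    vaulted = "$ANSIBLE_VAULT;1.1;AES256\n0000placeholder0000\n"
    sample = {
        "all/main.yml": "ntp_server: ntp.example.org\n",  # normal vars stay readable
        "all/secret/deployment_keys.yml": vaulted,
        "all/secret/api_keys.yml": "api_key: not-encrypted\n",  # encryption forgotten
        "redis/secret/aws.yml": vaulted,
        "webapp/secret/ssl.yml": vaulted,
    }
    for rel, body in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

def demo():
    """Build the constructed tree in a temp dir and return the offending paths."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_plaintext_secrets(root)

if __name__ == "__main__":
    for path in demo():
        print("NOT ENCRYPTED:", path)
```

Run against a real checkout by calling find_plaintext_secrets("group_vars"); a non-empty result can fail a pre-commit hook or CI job.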