Hi Nicolas I'm not sure why depositing the secrets into a file alongside the script would be any less secure than hardcoding them in the script?
Tom On 15 January 2015 at 17:30, Nicolas G. <[email protected]> wrote: > Thanks for the reply Tom but both of your suggestions doesn't really help > with the security concerns. It would be simpler to just hardcode the values > on the script this way. > > The approach I'm looking is to use the ansible-vault variables on the fly > with the script and after the execution step to not leave any traces. > > Thanks again, > N. > > On Thu, Jan 15, 2015 at 3:39 PM, Tom Bamford <[email protected]> wrote: > >> Hi Nicolas >> >> Just a couple of suggestions that spring to mind: >> >> You could pass in the vars as environment variables, although these do >> unfortunately get exposed in syslog and console output. >> >> Alternatively you could maybe write them to files on the target host (be >> it localhost or another host) with tight permissions and remove afterwards? >> >> Regards >> Tom >> >> >> On 15 January 2015 at 14:52, Nicolas G <[email protected]> wrote: >> >>> Hi, >>> >>> I have a bash script that i would like to run locally using the Ansible >>> shell module , the problem is that want to use some encrypted variables >>> from Ansible-Vault in that bash script but I think for security reasons >>> ansible-vault variables are not rendered from the shell module.. >>> >>> Is there a better approach for what I want ? >>> >>> Please advise.. >>> >>> Regards, >>> N. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/8b0ad711-484c-4324-b74a-5661ec36acfd%40googlegroups.com >>> <https://groups.google.com/d/msgid/ansible-project/8b0ad711-484c-4324-b74a-5661ec36acfd%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Ansible Project" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ansible-project/WgulzWnrnWY/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/CAAnNz0NJgG9Pyn8hh_aB7CEOcwRyXJOyc23nu28MgteASS5nwg%40mail.gmail.com >> <https://groups.google.com/d/msgid/ansible-project/CAAnNz0NJgG9Pyn8hh_aB7CEOcwRyXJOyc23nu28MgteASS5nwg%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CALpo6LVi%3D8W7zGAL%2B7hXrBX9nwxpVt0TLQ42EuaHgMJVPHAWxg%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CALpo6LVi%3D8W7zGAL%2B7hXrBX9nwxpVt0TLQ42EuaHgMJVPHAWxg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAAnNz0Nk7QxZhN0O9zwX9uGP19P1zuFb%2BKA1oQd-hBtrsATAfA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
