That's what I wanted to say Tom, depositing the secrets into a file alongside the script is the same thing as having them hardcoded in the script.. which on both cases I want to avoid..
Regards, N. On Thu, Jan 15, 2015 at 10:05 PM, Tom Bamford <[email protected]> wrote: > Hi Nicolas > > I'm not sure why depositing the secrets into a file alongside the script > would be any less secure than hardcoding them in the script? > > Tom > > > On 15 January 2015 at 17:30, Nicolas G. <[email protected]> wrote: > >> Thanks for the reply Tom but both of your suggestions doesn't really help >> with the security concerns. It would be simpler to just hardcode the values >> on the script this way. >> >> The approach I'm looking is to use the ansible-vault variables on the fly >> with the script and after the execution step to not leave any traces. >> >> Thanks again, >> N. >> >> On Thu, Jan 15, 2015 at 3:39 PM, Tom Bamford <[email protected]> wrote: >> >>> Hi Nicolas >>> >>> Just a couple of suggestions that spring to mind: >>> >>> You could pass in the vars as environment variables, although these do >>> unfortunately get exposed in syslog and console output. >>> >>> Alternatively you could maybe write them to files on the target host (be >>> it localhost or another host) with tight permissions and remove afterwards? >>> >>> Regards >>> Tom >>> >>> >>> On 15 January 2015 at 14:52, Nicolas G <[email protected]> wrote: >>> >>>> Hi, >>>> >>>> I have a bash script that i would like to run locally using the Ansible >>>> shell module , the problem is that want to use some encrypted variables >>>> from Ansible-Vault in that bash script but I think for security reasons >>>> ansible-vault variables are not rendered from the shell module.. >>>> >>>> Is there a better approach for what I want ? >>>> >>>> Please advise.. >>>> >>>> Regards, >>>> N. >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/ansible-project/8b0ad711-484c-4324-b74a-5661ec36acfd%40googlegroups.com >>>> <https://groups.google.com/d/msgid/ansible-project/8b0ad711-484c-4324-b74a-5661ec36acfd%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> >>> -- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "Ansible Project" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/d/topic/ansible-project/WgulzWnrnWY/unsubscribe >>> . >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/CAAnNz0NJgG9Pyn8hh_aB7CEOcwRyXJOyc23nu28MgteASS5nwg%40mail.gmail.com >>> <https://groups.google.com/d/msgid/ansible-project/CAAnNz0NJgG9Pyn8hh_aB7CEOcwRyXJOyc23nu28MgteASS5nwg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/CALpo6LVi%3D8W7zGAL%2B7hXrBX9nwxpVt0TLQ42EuaHgMJVPHAWxg%40mail.gmail.com >> <https://groups.google.com/d/msgid/ansible-project/CALpo6LVi%3D8W7zGAL%2B7hXrBX9nwxpVt0TLQ42EuaHgMJVPHAWxg%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/WgulzWnrnWY/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAAnNz0Nk7QxZhN0O9zwX9uGP19P1zuFb%2BKA1oQd-hBtrsATAfA%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAAnNz0Nk7QxZhN0O9zwX9uGP19P1zuFb%2BKA1oQd-hBtrsATAfA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CALpo6LXhJUFq1xgyfyDMrxtbb3DKTq_T%2BiL7D%2B2npDHjiX_Sdg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
