One thing about SSH keys is that they're generally unique to one person
(or one account anyway). I feel like there's a not-uncommon use case for
wanting your sysadmins (in a Unix group 'sysadmin', say) to be able to
access Ansible vault files as themselves (i.e. without sudo), which would
be easy if files were group 'sysadmin' and group-writable.
I think it'd be fine for Ansible to warn about and/or refuse to run in
this way, by default, but I think it should be an option to allow it.
-Josh ([email protected])
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/21731.19803.86431.584250%40gargle.gargle.HOWL.