Hi,
is it possible to keep the password information generated with the password
lookup in a vault-encrypted file?
I want to generate new random passwords for new machines and keep them
idempotent. But the already generated passwords should be kept encrypted in
the playbook e.g. as vault-file.
"lookup password" seems perfect for this. But they are kept clear text, and
can't be encrypted as a vault?
I tried following which does not work:
task in test.yml playbook:
- name: debug
debug: msg="{{ lookup('password', 'passwordfile chars=ascii_letters
length=15 encrypt=sha512_crypt') }}"
ansible-playbook -i "myhost," --vault-password-file /root/.vault test.yml
# passwordfile is generated cleartext
ansible-vault encrypt roles/passwords/files/passwordfile
# passwordfile is now al vault
ansible-playbook -i "myhost," --vault-password-file /root/.vault test.yml
# passwordfile is simply overwritten with new clear-text data :-(
Anyone a cool solution for this?
Cheers
Ulli
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/aa35fd1f-98a4-4231-bfb1-a659ab3e121a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
