Re: [ansible-project] use password lookup together with vault?

[Martin]

You might want to look at vault from hashicorp. Drop me a note when your
plugin is ready to test ;)
On Fri 5 Jun 2015 at 11:45 Ulrich Hochholdinger <
ulrich.hochholdin...@gmail.com> wrote:

> Hi,
> is it possible to keep the password information generated with the
> password lookup in a vault-encrypted file?
> I want to generate new random passwords for new machines and keep them
> idempotent. But the already generated passwords should be kept encrypted in
> the playbook e.g. as vault-file.
> "lookup password" seems perfect for this. But they are kept clear text,
> and can't be encrypted as a vault?
>
> I tried following which does not work:
>
> task in test.yml playbook:
> - name: debug
>   debug: msg="{{ lookup('password', 'passwordfile chars=ascii_letters
> length=15 encrypt=sha512_crypt') }}"
>
> ansible-playbook -i "myhost," --vault-password-file /root/.vault test.yml
> # passwordfile is generated cleartext
>
> ansible-vault encrypt roles/passwords/files/passwordfile
> # passwordfile is now al vault
>
> ansible-playbook -i "myhost," --vault-password-file /root/.vault test.yml
> # passwordfile is simply overwritten with new clear-text data :-(
>
> Anyone a cool solution for this?
>
> Cheers
>     Ulli
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/aa35fd1f-98a4-4231-bfb1-a659ab3e121a%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/aa35fd1f-98a4-4231-bfb1-a659ab3e121a%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
-- 
-- 
http://www.xing.com/profile/Martin_Marcher
http://www.linkedin.com/in/martinmarcher
Mobil: +43 / 660 / 62 45 103
UID: ATU68801424

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAK1mKERwLdt_vX%3DEScG9NnRgKnj%3DPL415qAMHe6SogurN%3D25xQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.