Dear All, At the moment we are encrypting all of our host vars with git-crypt as a few contain secret information.
This is a pain as only a few people need the encrypted parts of the few encrypted files but it means all people who use ansible etc have to have git-crypt set up & working etc.etc. So I would like to find out some way in which just the values which need to be encrypted can be pulled out into separate files & encrypted. I see from: http://docs.ansible.com/intro_inventory.html That a host/group var file can be replaced with a folder & then "As an advanced use-case, you can create directories named after your groups or hosts, and Ansible will read all the files in these directories" Such that I could have a file called notsecret & another called secret.key & tell git-crypt just to encrypt "*.key" files. That way people using instances/roles etc with no secret info could still use host/group vars w/o gitcrypt At the moment this seems like the best plan.....but any other suggestions would be welcome. For example can a hostvar file perform an inclusion along the lines of including something akin to vars_files: - [ 'files/vars/{{ inventory_host }}.yml','files/vars/default.yml' ] ? TIA Adam -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/4dfa149c-7ccc-44ef-acc9-4ca9f8449d25%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
