A few more questions. Can I set the vault password within ansible.cfg? Can ansible detect when a yml file is encrypted?
-Chase Farrant (785) 220-1415 On Mon, Apr 11, 2016 at 1:34 PM, Chase Farrant <[email protected]> wrote: > Hi all, I have a few questions about the usage of vault within Ansible > Tower. > > Premise: > > When installing a Windows service via Ansible, I need to use specific > credentials for running the actual service. For obvious reasons I do not > want the plain-text credentials within my source code. > > > So within the credentials section of Tower, there are several types of > credentials but there isn't a generic value type to reference within > playbooks. Nor does there appear to be an option for encrypting entire yml > files. From my basic understanding, it appears that tower stores these > credentials within it's own database instead of using encrypted yml files. > > Is there a 'best practice' solution to get around this problem? I don't > really have a problem with these passwords being plain-text on the Ansible > box itself. > > Here is the best solution I can think of as of now: > > - Create a vars file on the Ansible machine and encrypt it using ansible > vault > > - Copy the file to my dev machine and upload it to source > > - Reference the encrypted yml file from within other playbooks > > - Somehow pass the vault password from Tower to Ansible...? > > - ....?.... > > > Hopefully someone can nudge me in the right direction. Thanks! > > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/CO5KDqi0mYs/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/40f36241-a1a4-4255-a440-e3e5b09e9760%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/40f36241-a1a4-4255-a440-e3e5b09e9760%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAD6rbqYsVEZ9uxQxgrr9K9fzC45_egmjaLJQPF-JfzHUUtPJTg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
