For tower questions please reach out to [email protected] or https://support.ansible.com/
On Mon, Apr 11, 2016 at 3:32 PM, Chase Farrant <[email protected]> wrote: > A few more questions. Can I set the vault password within ansible.cfg? Can > ansible detect when a yml file is encrypted? > > -Chase Farrant > (785) 220-1415 > > On Mon, Apr 11, 2016 at 1:34 PM, Chase Farrant <[email protected]> > wrote: > >> Hi all, I have a few questions about the usage of vault within Ansible >> Tower. >> >> Premise: >> >> When installing a Windows service via Ansible, I need to use specific >> credentials for running the actual service. For obvious reasons I do not >> want the plain-text credentials within my source code. >> >> >> So within the credentials section of Tower, there are several types of >> credentials but there isn't a generic value type to reference within >> playbooks. Nor does there appear to be an option for encrypting entire yml >> files. From my basic understanding, it appears that tower stores these >> credentials within it's own database instead of using encrypted yml files. >> >> Is there a 'best practice' solution to get around this problem? I don't >> really have a problem with these passwords being plain-text on the Ansible >> box itself. >> >> Here is the best solution I can think of as of now: >> >> - Create a vars file on the Ansible machine and encrypt it using ansible >> vault >> >> - Copy the file to my dev machine and upload it to source >> >> - Reference the encrypted yml file from within other playbooks >> >> - Somehow pass the vault password from Tower to Ansible...? >> >> - ....?.... >> >> >> Hopefully someone can nudge me in the right direction. Thanks! >> >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Ansible Project" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ansible-project/CO5KDqi0mYs/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/40f36241-a1a4-4255-a440-e3e5b09e9760%40googlegroups.com >> <https://groups.google.com/d/msgid/ansible-project/40f36241-a1a4-4255-a440-e3e5b09e9760%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAD6rbqYsVEZ9uxQxgrr9K9fzC45_egmjaLJQPF-JfzHUUtPJTg%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAD6rbqYsVEZ9uxQxgrr9K9fzC45_egmjaLJQPF-JfzHUUtPJTg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- Matt Martz @sivel sivel.net -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAD8N0v-t5r8%3DLB1TgPyh8yyiSjnM31bH411kMGsZw_8ruEVAqw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
