On Tue, 31 Jan 2017, at 22:35, Florin Andrei wrote:
> I can't be the only one having this problem:
>
> We're using vault files to store sensitive info (such as passwords or
> private keys). Vault files, along with Ansible playbooks, roles,
> inventories, etc. are checked into GitHub.

I'm using HashiCorp's https://vaultproject.io/ to store secrets, and then doing lookups in Ansible playbooks to retrieve the secrets. This works brilliantly, using https://github.com/jhaals/ansible-vault/ as a plugin.

You can use the file backend of Vault, and wire that up to a git/GitHub repo to store the secrets. The encrypted files are unusable without the unseal keys, and thus you have a nice separation of concerns/repos between key storage and Ansible tasks.

A+
Dave
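
A playbook using the lookup pattern described in the message above, added here as an example and not taken from the original post or from the plugin's own documentation. The host group, secret path, key name, template and service account are hypothetical, and the `lookup('vault', <path>, <key>)` call form is an assumption about the plugin.

```yaml
# Added example, not from the original post.
# Assumptions:
#   - VAULT_ADDR and VAULT_TOKEN are exported on the control machine only
#     (never committed to the playbook repository).
#   - The lookup plugin from https://github.com/jhaals/ansible-vault/ is on
#     Ansible's lookup plugin path.
#   - Host group, secret path, key name and file paths are hypothetical.
- hosts: app_servers
  become: true
  vars:
    # Assumed call form: lookup('vault', <secret path>, <key inside the secret>).
    # Lookups run on the control machine, so the Vault token never has to
    # reach the managed hosts.
    db_password: "{{ lookup('vault', 'secret/myapp/db', 'password') }}"
  tasks:
    - name: Render application config containing the secret
      template:
        src: app.conf.j2
        dest: /etc/myapp/app.conf
        owner: myapp
        group: myapp
        mode: "0600"      # readable only by the service account
      no_log: true        # keep the rendered secret out of task output and logs
```

With this layout the playbook repository holds only the secret's path, while the Vault storage repository holds only ciphertext; the unseal keys and the token belong in neither.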
