One solution to the inconvienince of changing the inline vault variable is to use prefix the vault variable with vault_ and store the actual secret data in a file. Then reference the vault variable with vault_xxx. This way when you can use ansible-vault edit/view etc but still make the variable searchable via grep(i.e. you get the benefit from both approaches)
Here are some links with more description. https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#variables-and-vaults A more detail write up https://www.digitalocean.com/community/tutorials/how-to-use-vault-to-protect-sensitive-ansible-data-on-ubuntu-16-04 Tony Chia On Tuesday, August 14, 2018 at 10:35:01 AM UTC-7, Dick Visser wrote: > > Hi > > I've come to like the inline encrypted variable > ( > https://docs.ansible.com/ansible/latest/user_guide/playbooks_vault.html#single-encrypted-variable) > > > as this is handy for instance with larger data structures that only > contain one of two sensitive values. > > Management of those values is quite a pain however. It usually > includes manually copying the encrypted string to a new file, fix the > indentation, then running ansible-vault on the file. > > Editing plain files is easy, editing encrypted files is also easy. > Is there maybe some (vi) plugin that lets you edit the inline > encrypted vars in a more user friendly way? > > Thanks! > > Dick > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/20eacfd1-1f66-48f8-80c9-cedbc8f8328e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
