Editing inline encrypted variables?
13 views
Skip to first unread message
Dick Visser
Aug 14, 2018, 1:35:01 PM8/14/18
to ansible...@googlegroups.com
Hi
I've come to like the inline encrypted variable
(https://docs.ansible.com/ansible/latest/user_guide/playbooks_vault.html#single-encrypted-variable)
as this is handy for instance with larger data structures that only
contain one of two sensitive values.
Management of those values is quite a pain however. It usually
includes manually copying the encrypted string to a new file, fix the
indentation, then running ansible-vault on the file.
Editing plain files is easy, editing encrypted files is also easy.
Is there maybe some (vi) plugin that lets you edit the inline
encrypted vars in a more user friendly way?
Thanks!
Dick
I've come to like the inline encrypted variable
(https://docs.ansible.com/ansible/latest/user_guide/playbooks_vault.html#single-encrypted-variable)
as this is handy for instance with larger data structures that only
contain one of two sensitive values.
Management of those values is quite a pain however. It usually
includes manually copying the encrypted string to a new file, fix the
indentation, then running ansible-vault on the file.
Editing plain files is easy, editing encrypted files is also easy.
Is there maybe some (vi) plugin that lets you edit the inline
encrypted vars in a more user friendly way?
Thanks!
Dick
Tony Chia
Aug 15, 2018, 11:10:12 AM8/15/18
to Ansible Project
One solution to the inconvienince of changing the inline vault variable is to use prefix the vault variable with vault_ and store the actual secret data in a file. Then reference the vault variable with vault_xxx. This way when you can use ansible-vault edit/view etc but still make the variable searchable via grep(i.e. you get the benefit from both approaches)
Here are some links with more description.
A more detail write up
Tony Chia
Reply all
Reply to author
Forward
0 new messages