encryption

[Alexey Wasilyev]

Hello!

Is there any way to encrypt just values in the variable files?

I need something like

---

simple_var: 42

encrypted_var: %enc%002200110022

where '002200110022' is encrypted value.

I think this can be accomplished with some kind of custom plugin or inventory script...

I know about vault, but binary files completely unusable with git. 

[Brian Coca]

not currently, vault only supports full file encryption (you do't need
to encrypt all your vars, just the secrets).

--
Brian Coca

[Mark Janssen]

You could load in encrypted vars via a lookup to something like pass (passwordstore.org).

- name: Debug

    debug: msg={{lookup('pipe', 'pass some/password/i/need') }}

This way you can store your passwords as gpg-encrypted files, and even version them along with your plays.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJ5XC8%3DfpkD-9ZBy0o4b4XE_bwUgdDeV1%3DKd7th6dpgtOKW1%2Bw%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--

Mark Janssen  --  maniac(at)maniac.nl
Unix / Linux Open-Source and Internet Consultant
Maniac.nl Sig-IO.nl Vps.Stoned-IT.com

[Alexey Wasilyev]

Finally I make a local clone of action_plugins/include_var.py and patch it to recognise encrypted values.