Multiple ansible-vault encrypted ssh private keys

William Dossett

Sep 1, 2020, 5:16:23 PM
to ansible...@googlegroups.com

Hi,

I’ve been wrangling around this all afternoon.

First of all, is it OK to have two ansible-vault encrypted files (containing ssh private keys) with the same password and use them in one playbook?

I ask because when I try to use a second one, the first one seems to stop working.

My first playbook used passwords to connect to nodes and then I used an ansible-vault encrypted private key file to scp files to another remote host. This worked fine. But I need to use an ssh key to connect to the nodes… when I added

vars:
  ansible_ssh_private_key_file: /vars/current_id_rsa

and current_id_rsa is ansible-vault encrypted with the same password as the first file, my scp command no longer works with the key it was using and hangs asking for password now – it seems like it is using the wrong private key from the debugging I have done… But as I am just using the

command: scp -i vars/id_rsa -o StrictHostKeyChecking=no /tmp/id_rsa us...@users.workstation/Users/user/.ssh/instances_id_rsa

for my command and vars/id_rsa is vault encrypted, I don’t see how that would get interfered with by setting the ansible_ssh_private_key_file.

I changed back to using a password to connect to nodes and then the scp command works again…

So if that isn’t going to work, can I store my ssh private keys as vars in a vars file, so I just have one encrypted vars file? I can’t seem to find any examples of doing this with Mr. Google.

Thanks

Bill