Encrypt service_account_file for Dynamic Inventory
9 views
Skip to first unread message
Sean Blong
May 16, 2019, 3:08:39 PM5/16/19
to Ansible Project
Is there a way, or possibly a workaround, to encrypt the service_account_file that is used by a dynamic inventory? For instance, I'm using the gcp_compute inventory plugin and have a dynamic inventory YAML file that looks like this:
The service account file (i.e. svc-acct-key.json) has sensitive data that should be encrypted and so I've encrypted that file using Ansible Vault. I was expecting this inventory file to be run and when it attempts to fetch svc-acct-key.json I was expecting it to decrypt the file, but instead it reads the file in encrypted format and complains that it is not properly formatted JSON. Is there a workaround to get this to work? Ideally I would like to use Ansible Vault since I'm already using this for passwords. Please advise.
plugin: gcp_compute
projects:
- <project_name>
filters:
auth_kind: serviceaccount
service_account_file: svc-acct-key.jsonThe service account file (i.e. svc-acct-key.json) has sensitive data that should be encrypted and so I've encrypted that file using Ansible Vault. I was expecting this inventory file to be run and when it attempts to fetch svc-acct-key.json I was expecting it to decrypt the file, but instead it reads the file in encrypted format and complains that it is not properly formatted JSON. Is there a workaround to get this to work? Ideally I would like to use Ansible Vault since I'm already using this for passwords. Please advise.
Thank you,
Sean
Reply all
Reply to author
Forward
0 new messages