Sensitive variables in Ansible Galaxy

[Jake Clarkson]

Hi all,

I was just wondering what the best practice is for including sensitive variables in an Ansible Galaxy role.

For example, if I were to publish a role which required sensitive (i.e. vault encrypted) data, e.g. an API key, would I just document that this variable was required in the README.md?

Thanks :-)

[Tomasz Kontusz]

Jake Clarkson <jacobwc...@gmail.com> napisał:

Yes. It's the user that will decide how sensitive that data is to him, and where to store it :-)
--
Wysłane za pomocą K-9 Mail.

[Michael DeHaan]

Obviously don't include your AWS key in the defaults or examples, just use dummy values, but it's up to them.

Folks should be aware of ansible-vault and I don't think it's necessary for the galaxy role to remind users to use it, but it's ok if the role did too.

Definitely doesn't need to be a list of which variables, etc, as a lot of folks are using private repos and such.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/a8027ec9-1019-4a46-8b00-adbb4f272ca7%40email.android.com.

For more options, visit https://groups.google.com/d/optout.