Using binary data in Ansible Vaults.

[Stephen Gargan]

I've been using a pattern of base64 encoded values and jinja templates deal with storing binary data in vaults and have put together scripts to simplify the process; I've found them pretty useful and figured others might get some use out of them.

https://github.com/sgargan/ansible-vault-tools

I've considered writing a dedicated module to take the place of the playbook and template, but in the meantime this works pretty well.

regards,

Steve.

[Michael DeHaan]

If the primary goal of this is to encrypt the value given to the "src" of a copy operation (or template operation), I wonder if there's a better way to make this happen without needing to shell out to an extra CLI.

It might require vault knowing that a file is not YAML when it is executed though...

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f0c60c7b-fd99-4333-b628-c7fe39dabfc4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Stephen Gargan]

Building this into the copy plugin would definitely be the way to go; the vault header could have a flag to denote the contents and distinguish binary from yaml.