Re: [ansible-project] ansible-vault encrypt_string and inventory files
28 views
Skip to first unread message
Brian Coca
Apr 4, 2018, 5:23:49 PM4/4/18
to Ansible Project
It will never work in ini file, you can encrypt the whole inventory
though (yaml or ini).
As for the single var, it 'should' work in a YAML inventory, but i
don't think we had it as a specific feature.
--
----------
Brian Coca
though (yaml or ini).
As for the single var, it 'should' work in a YAML inventory, but i
don't think we had it as a specific feature.
--
----------
Brian Coca
John Harmon
Apr 4, 2018, 5:52:46 PM4/4/18
to Ansible Project
Thx Brian. I deleted my original post (didn't see a response to it yet, so you probably were responding when I deleted it) due to semi-sensitive information. I will post my general question below for context for people reading this in the future:
Can I utilize the encrypt_string output in my inventory file (tried multiple ways but couldn't get it to work):
Sample inventory file:
Can I utilize the encrypt_string output in my inventory file (tried multiple ways but couldn't get it to work):
Sample inventory file:
[win]
ansible-win.mydomain.com
[win:vars]
ansible_connection=winrm
ansible_user=ansible
ansible_password="!vault |
$ANSIBLE_VAULT;1.1;AES256
37323038653234633237633336613932313930613332333063356662356636326130626236366536
6138643739653436613930366165393161613932353865660a333939333666353435653433626536
36303430386438616234386639386439343433363962363563636436643562613339626536396332
6364393263646539650a656334373662343438336663666535343130336235616363343332356232
3238"
Brian Coca
Apr 4, 2018, 7:53:52 PM4/4/18
to Ansible Project
my answer still stands, !vault is a YAMLism, it will never work in an INI file.
--
----------
Brian Coca
--
----------
Brian Coca
Kai Stian Olstad
Apr 5, 2018, 12:47:25 AM4/5/18
to ansible...@googlegroups.com
On 04.04.2018 23:52, John Harmon wrote:
> Thx Brian. I deleted my original post (didn't see a response to it
> yet, so
> you probably were responding when I deleted it) due to semi-sensitive
> information.
Google groups is a mailing list, so when you post, it sends mail to
> Thx Brian. I deleted my original post (didn't see a response to it
> yet, so
> you probably were responding when I deleted it) due to semi-sensitive
> information.
everyone that have subscribed to the list by e-mail.
So deleting a post won't work since the mail i already sent.
--
Kai Stian Olstad
Kai Stian Olstad
Apr 5, 2018, 1:15:39 AM4/5/18
to ansible...@googlegroups.com
On 04.04.2018 22:09, John Harmon wrote:
> I believe I just have a syntax issue:
>
> Inventory File:
>
> win:
> hosts:
> ansible-win.nspnet.net
> vars:
> ansible_connection: winrm
> ansible_user: ansible
> ansible_password: >
> !vault |
> $ANSIBLE_VAULT;1.1;AES256
>
> 30653431356634633165316664383264313636623136623831663566303436613834366536663333
>
> 6236666435613164306162346261666339353230356365360a383661333263656465646533386561
>
> 33393937323838646264396166333266633062633330386630643161343365313533306135663332
>
> 6438373531326334310a316232386532313563363531303833373964363130633735636631396364
> 6662
>
Have you tried
ansible_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
30653431356634633165316664383264313636623136623831663566303436613834366536663333
6236666435613164306162346261666339353230356365360a383661333263656465646533386561
33393937323838646264396166333266633062633330386630643161343365313533306135663332
6438373531326334310a316232386532313563363531303833373964363130633735636631396364
6662
because I think the string should come right after the colon and no
grater than sign.
--
Kai Stian Olstad
> I believe I just have a syntax issue:
>
> Inventory File:
>
> win:
> hosts:
> ansible-win.nspnet.net
> vars:
> ansible_connection: winrm
> ansible_user: ansible
> ansible_password: >
> !vault |
> $ANSIBLE_VAULT;1.1;AES256
>
> 30653431356634633165316664383264313636623136623831663566303436613834366536663333
>
> 6236666435613164306162346261666339353230356365360a383661333263656465646533386561
>
> 33393937323838646264396166333266633062633330386630643161343365313533306135663332
>
> 6438373531326334310a316232386532313563363531303833373964363130633735636631396364
> 6662
>
Have you tried
ansible_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
30653431356634633165316664383264313636623136623831663566303436613834366536663333
6236666435613164306162346261666339353230356365360a383661333263656465646533386561
33393937323838646264396166333266633062633330386630643161343365313533306135663332
6438373531326334310a316232386532313563363531303833373964363130633735636631396364
6662
because I think the string should come right after the colon and no
grater than sign.
--
Kai Stian Olstad
Reply all
Reply to author
Forward
0 new messages