ansible-vault and with_password

[J]

All,

Looking to automate password / account management using Ansible. The overall goal is to have an unencrypted password in a file for use (so that I have it handy if I need to pull it up) and the nuse ansible-vault or some other mechanism to encrypt the password. There are two says I'd like to approach this:

(a, preferred) Variable file that has plain-text password, such as:

password:

  - user: plain_text_password

  - user2: plain_text_password2

I found a stack overflow link that indicated there would be some way to loop over the variables and then encrypt them one-by-one, finally feeding them into the user module. Unfortunately I can't get this to work properly. Any thoughts / ideas?

(b) The second method is to store a user password in a file and then use the with_password mechanism. This works fine until I use ansible-vault to encrypt the password file. Unfortunately the with_password mechanism will append the salt to the encrypted password file.

Is there a good way to accomplish this goal?

Thanks!