Optional valut import

DomaNitro

unread,

Sep 12, 2014, 5:02:13 PM9/12/14

to ansible...@googlegroups.com

Hey,

I was wondering if its possible to do optional import of vault encrypted files. i.e. if a password/password file is presented the encrypted file will be included. Else the file will be ignored.

Thanks

Michael DeHaan

unread,

Sep 12, 2014, 5:12:54 PM9/12/14

to ansible...@googlegroups.com

Yeah, this is presently not possible unfortunately.

I think this could be potentially confusing unless it threw a warning when attempting to read the file - because you might not know why a variable would be undefined.

If we did this, it would need to be a config setting, default off, in ansible.cfg.

I'm not yet sure that we need to, but one thing that is not possible is to prompt at load time, because you might be halfway into the playbook run -- this would make it hard to run ansible via expect type scripts and it would be unpredictable when a prompt might come up.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/00840cc1-990a-4b2e-8c5c-aa0fd0656538%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Shaunak Kashyap

unread,

Sep 12, 2014, 5:53:41 PM9/12/14

to ansible...@googlegroups.com

You could make it work like so: https://gist.github.com/ycombinator/21dd0ca3c0ee9472f64d

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgx%2ByaMF3u53L%2BBd%3Dor4%2BfGaAD9as7fyB0bJ-idPVZZy%3Dw%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--
"Now the hardness of this world slowly grinds your dreams away / Makin' a fool's joke out of the promises we make" --- Bruce Springsteen, "Blood Brothers"

Michael DeHaan

unread,

Sep 12, 2014, 5:55:03 PM9/12/14

to ansible...@googlegroups.com

Well that would not import it if that first file were not present, yes, but most likely it would be present.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAMiVsf%2BkvtWX7nVq6U-1WRqHLgiMgbuYUK6ksRA2omrvNDDXGw%40mail.gmail.com.

Shaunak Kashyap

unread,

Sep 12, 2014, 5:56:55 PM9/12/14

to ansible...@googlegroups.com

Ah yes, I misinterpreted "if a password/password file is presented" as the vaulted file being present/absent not the vault password/password file. Sorry.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgz_qG0%2BK0rsCTrFy9SkptJL5oXXAY-mn6uc_UKCSmsJKA%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

DomaNitro

unread,

Sep 13, 2014, 2:51:50 PM9/13/14

to ansible...@googlegroups.com

Michael,

I think this makes sense the default behaviour should fail and you should override the ignore import by config or even a command line argument.

Reply all

Reply to author

Forward