How to do password management
38 views
Skip to first unread message
Dave B
Dec 9, 2016, 5:57:09 PM12/9/16
to Ansible Project
Hi
Struggling to get my head around this. According to the best practices, I've put the root password for all the vms in a vault encrypted file, and the variables are vault_ prefixed as suggested in http://docs.ansible.com/ansible/playbooks_best_practices.html#best-practices-for-variables-and-vaults . I don
My directory structure:
ls /etc/ansible/group_vars/
vars
vault
cat vars
ansible_become_user=vault_ansible_become_user
ansible_become_pass=vault_ansible_become_pass
And vault contains the secure data, and is ansible-vault encrypted.
How do I then pull that into a playbook/command line argument?
Struggling to get my head around this. According to the best practices, I've put the root password for all the vms in a vault encrypted file, and the variables are vault_ prefixed as suggested in http://docs.ansible.com/ansible/playbooks_best_practices.html#best-practices-for-variables-and-vaults . I don
My directory structure:
ls /etc/ansible/group_vars/
vars
vault
cat vars
ansible_become_user=vault_ansible_become_user
ansible_become_pass=vault_ansible_become_pass
And vault contains the secure data, and is ansible-vault encrypted.
How do I then pull that into a playbook/command line argument?
Brian Coca
Feb 9, 2017, 10:41:12 PM2/9/17
to Ansible Project
The group_vars/* adjacent to inventory or play are automatically read,
I would just set ansible_become_pass there.
Also note that these must be YAML formatted files, not KEY=VALUE pairs.
----------
Brian Coca
I would just set ansible_become_pass there.
Also note that these must be YAML formatted files, not KEY=VALUE pairs.
----------
Brian Coca
Reply all
Reply to author
Forward
0 new messages