Hi,
I’m making slow but steady progress with Ansible, and I must say I really like it. The more I learn about it, the more I know that this is the way to configure my servers in the future. But right now I have the odd problem to solve.
I’m getting to a point where I have to store sensible information like mail relay user credentials in my host_vars
. I just spent a couple hours playing around with ansible-vault
, file encryption and file decryption, and it works.
Let’s say I have a playbook called setup.yml
, and somewhere in the playbook there’s an encrypted bit of information. In that case, simply launching the playbook returns the following error:
$ ansible-playbook setup.yml
PLAY [all] ***************************************
ERROR! Attempting to decrypt but no vault secrets found
In that case I have to run the command again with the following option:
$ ansible-playbook setup.yml --ask-vault-pass
Vault password:
PLAY [all] *************************************
TASK [Gathering Facts] ***************************
ok: [localhost]
...
Now I wonder: is there a way to get ansible-xxxxx
commands to ask automatically for the Vault password whenever there’s some bit of encrypted information in the playbooks? Some magical option to put in ansible.cfg
?
Cheers,
Niki