That's what I wanted to say Tom, depositing the secrets into a file alongside the script is the same thing as having them hardcoded in the script.. which on both cases I want to avoid..
Regards, N. On Thu, Jan 15, 2015 at 10:05 PM, Tom Bamford <t...@atpla.net> wrote: > Hi Nicolas > > I'm not sure why depositing the secrets into a file alongside the script > would be any less secure than hardcoding them in the script? > > Tom > > > On 15 January 2015 at 17:30, Nicolas G. <nicol...@gmail.com> wrote: > >> Thanks for the reply Tom but both of your suggestions doesn't really help >> with the security concerns. It would be simpler to just hardcode the values >> on the script this way. >> >> The approach I'm looking is to use the ansible-vault variables on the fly >> with the script and after the execution step to not leave any traces. >> >> Thanks again, >> N. >> >> On Thu, Jan 15, 2015 at 3:39 PM, Tom Bamford <t...@atpla.net> wrote: >> >>> Hi Nicolas >>> >>> Just a couple of suggestions that spring to mind: >>> >>> You could pass in the vars as environment variables, although these do >>> unfortunately get exposed in syslog and console output. >>> >>> Alternatively you could maybe write them to files on the target host (be >>> it localhost or another host) with tight permissions and remove afterwards? >>> >>> Regards >>> Tom >>> >>> >>> On 15 January 2015 at 14:52, Nicolas G <nicol...@gmail.com> wrote: >>> >>>> Hi, >>>> >>>> I have a bash script that i would like to run locally using the Ansible >>>> shell module , the problem is that want to use some encrypted variables >>>> from Ansible-Vault in that bash script but I think for security reasons >>>> ansible-vault variables are not rendered from the shell module.. >>>> >>>> Is there a better approach for what I want ? >>>> >>>> Please advise.. >>>> >>>> Regards, >>>> N. >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to ansible-project+unsubscr...@googlegroups.com. >>>> To post to this group, send email to ansible-project@googlegroups.com. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/ansible-project/8b0ad711-484c-4324-b74a-5661ec36acfd%40googlegroups.com >>>> <https://groups.google.com/d/msgid/ansible-project/8b0ad711-484c-4324-b74a-5661ec36acfd%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> >>> -- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "Ansible Project" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/d/topic/ansible-project/WgulzWnrnWY/unsubscribe >>> . >>> To unsubscribe from this group and all its topics, send an email to >>> ansible-project+unsubscr...@googlegroups.com. >>> To post to this group, send email to ansible-project@googlegroups.com. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/CAAnNz0NJgG9Pyn8hh_aB7CEOcwRyXJOyc23nu28MgteASS5nwg%40mail.gmail.com >>> <https://groups.google.com/d/msgid/ansible-project/CAAnNz0NJgG9Pyn8hh_aB7CEOcwRyXJOyc23nu28MgteASS5nwg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ansible-project+unsubscr...@googlegroups.com. >> To post to this group, send email to ansible-project@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/CALpo6LVi%3D8W7zGAL%2B7hXrBX9nwxpVt0TLQ42EuaHgMJVPHAWxg%40mail.gmail.com >> <https://groups.google.com/d/msgid/ansible-project/CALpo6LVi%3D8W7zGAL%2B7hXrBX9nwxpVt0TLQ42EuaHgMJVPHAWxg%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/WgulzWnrnWY/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > ansible-project+unsubscr...@googlegroups.com. > To post to this group, send email to ansible-project@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAAnNz0Nk7QxZhN0O9zwX9uGP19P1zuFb%2BKA1oQd-hBtrsATAfA%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAAnNz0Nk7QxZhN0O9zwX9uGP19P1zuFb%2BKA1oQd-hBtrsATAfA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CALpo6LXhJUFq1xgyfyDMrxtbb3DKTq_T%2BiL7D%2B2npDHjiX_Sdg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
