If you want to keep secrets, and work on a mostly remote site, it seems you have a couple options.
1. encrypt the vault with gpg and run from your (hopefully) safe laptop and hope the connection is good 2. run it in tmux at the remote site, but possibly expose your vault credentials. - type the passphrase over ssh means keyboard timing attack. so definitely not. - remote gpg management is a bit scary too. you may trust your co workers, but you never know what their cat is up to. keepassx can type into a window, so thats a possibility. For us the big problem is windows server(as usual), because they dont have ssh. so cant just ssh -A and run a playbook that hits everything. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/73b83510-7451-45b1-afd4-acfa9fd63552%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.