That's pretty much all you can do today- WinRM doesn't support any useful agent/key-based auth (WinRM certificate auth is nearly useless). It'd be cool if Microsoft could implement something akin to smartcard auth for RDP (which works transparently across remote connections like an ssh agent), but alas, nothing there yet. Microsoft's OpenSSH build has apparently recently added support for key-based auth for both local and domain users, but getting Windows module support working over SSH isn't even on the roadmap yet.
-Matt On Saturday, February 18, 2017 at 3:24:36 PM UTC-8, pixel fairy wrote: > > how does one manage secrets and remote plays? when we only had linux to > deal with, no big deal to ssh -A to a control node, tmux, and have no > secrets stored there at all. > > but now, we have to deal with windows, which doesnt speak ssh. of course > we can keep a vault remotely, and copy paste the passphrase over the ssh > connection, or just run from your laptop and hope the connections stay up. > is there a better way? what do the remote windows admins around here do? > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/37e3c528-8b55-49f7-899a-9d0a7961d6b7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
