I have tried using the gpg script works amazing BUT - the gpg file askes randomly the password again and again so i cannot really relay on that. i used like this :
gpg-wrapper.sh - #!/bin/sh VAULT_PW_FILENAME="/base/vaults/vault.gpg" gpg --quiet --batch --use-agent --decrypt $VAULT_PW_FILENAME ansible.cfg - vault_password_file = /base/vaults/gpg-wrapper.sh encrypted like this: gpg --quiet --batch --use-agent --decrypt vault ב-יום שלישי, 22 במרץ 2022 בשעה 13:16:01 UTC+2, [email protected] כתב/ה: > On 22/03/2022 12:05, R Batchen wrote: > > Hey, > > I dont understand how ansible vault is safe if i want to use in a > script i need to give ansible > > the file where the password is saved in plain text.. so i dont get it > > > > i do get it being safe if i do a prompts for the password with > --ask-vault-pass > > but when i point to ansible using --vault-password-file or export global > variable with pass it is saved on the system\file as plain text > > > > what am i missing? > > You can use a GPG encrpyted password file with a wrapper script. > > Regards > Racke > > > > > Thanks! > > > > -- > > You received this message because you are subscribed to the Google > Groups "Ansible Project" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] <mailto: > [email protected]>. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/4ae3f1e6-f4c0-4214-b0a4-d2c5208dcfd6n%40googlegroups.com > > < > https://groups.google.com/d/msgid/ansible-project/4ae3f1e6-f4c0-4214-b0a4-d2c5208dcfd6n%40googlegroups.com?utm_medium=email&utm_source=footer > >. > > > -- > Automation expert - Ansible and friends > Linux administrator & Debian maintainer > Perl Dancer & conference hopper > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/da0335a2-13be-4d56-b4e6-0eef2f0f9872n%40googlegroups.com.
