One solution to the inconvienince of changing the inline vault variable is to use prefix the vault variable with vault_ and store the actual secret data in a file. Then reference the vault variable with vault_xxx. This way when you can use ansible-vault edit/view etc but still make the variable searchable via grep(i.e. you get the benefit from both approaches)
Here are some links with more description. https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#variables-and-vaults A more detail write up https://www.digitalocean.com/community/tutorials/how-to-use-vault-to-protect-sensitive-ansible-data-on-ubuntu-16-04 Tony Chia On Tuesday, August 14, 2018 at 10:35:01 AM UTC-7, Dick Visser wrote: > > Hi > > I've come to like the inline encrypted variable > ( > https://docs.ansible.com/ansible/latest/user_guide/playbooks_vault.html#single-encrypted-variable) > > > as this is handy for instance with larger data structures that only > contain one of two sensitive values. > > Management of those values is quite a pain however. It usually > includes manually copying the encrypted string to a new file, fix the > indentation, then running ansible-vault on the file. > > Editing plain files is easy, editing encrypted files is also easy. > Is there maybe some (vi) plugin that lets you edit the inline > encrypted vars in a more user friendly way? > > Thanks! > > Dick > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/20eacfd1-1f66-48f8-80c9-cedbc8f8328e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
