Adam Flinton
2015-07-14 11:06:37 UTC
Dear All,
At the moment we are encrypting all of our host vars with git-crypt as a
few contain secret information.
This is a pain as only a few people need the encrypted parts of the few
encrypted files but it means all people who use ansible etc have to have
git-crypt set up & working etc. etc.
So I would like to find out some way in which just the values which need to
be encrypted can be pulled out into separate files & encrypted.
I see from:
http://docs.ansible.com/intro_inventory.html
That a host/group var file can be replaced with a folder & then
"As an advanced use-case, you can create directories named after your
groups or hosts, and Ansible will read all the files in these directories"
Such that I could have a file called notsecret & another called secret.key
& tell git-crypt just to encrypt "*.key" files.
That way people using instances/roles etc with no secret info could still
use host/group vars w/o git-crypt.
At the moment this seems like the best plan... but any other suggestions
would be welcome.
For example can a hostvar file perform an inclusion along the lines of
including something akin to
    vars_files:
      - [ 'files/vars/{{ inventory_host }}.yml', 'files/vars/default.yml' ]
?
TIA
Adam
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+***@googlegroups.com.
To post to this group, send email to ansible-***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/4dfa149c-7ccc-44ef-acc9-4ca9f8449d25%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
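Added example (not part of the post above, and not Ansible or git-crypt project code): the proposed host_vars directory layout with a `.gitattributes` rule that hands only `*.key` files to git-crypt, plus a check built on `git check-attr` that lists host_vars files holding secret-looking keys the rule does not cover. The host name `web01`, the variable values and the secret-name regex are constructed assumptions.

```shell
#!/bin/sh
# Constructed demo: split host_vars into plain and git-crypt-covered files.
set -eu

# Build a throwaway repo with the layout described in the post.
make_demo_repo() {
    repo=$(mktemp -d)
    git init -q "$repo" >/dev/null
    mkdir -p "$repo/host_vars/web01"            # web01 is a made-up host
    printf 'http_port: 8080\n' > "$repo/host_vars/web01/notsecret"
    printf 'db_password: CONSTRUCTED-VALUE\n' > "$repo/host_vars/web01/secret.key"
    # git-crypt is selected per path through .gitattributes; only *.key here.
    printf '*.key filter=git-crypt diff=git-crypt\n' > "$repo/.gitattributes"
    printf '%s\n' "$repo"
}

# Print the filter git assigns to a path: "git-crypt" or "unspecified".
filter_for() {
    git -C "$1" check-attr filter -- "$2" | sed 's/.*: filter: //'
}

# List host_vars files that contain a secret-looking key (assumed naming
# convention: password/secret/token in the key) but are not covered by
# the git-crypt filter, i.e. would be committed in plaintext.
unprotected_secrets() {
    repo=$1
    (cd "$repo" && grep -rlE \
        '^[A-Za-z0-9_]*(password|secret|token)[A-Za-z0-9_]*:' host_vars || true) |
    while IFS= read -r f; do
        [ "$(filter_for "$repo" "$f")" = "git-crypt" ] || printf '%s\n' "$f"
    done
}

# Stand-alone run: show which file each rule applies to, then run the check.
demo=$(make_demo_repo)
for f in host_vars/web01/notsecret host_vars/web01/secret.key; do
    printf '%-30s %s\n' "$f" "$(filter_for "$demo" "$f")"
done
unprotected_secrets "$demo"
rm -rf "$demo"
```

The check works without git-crypt installed, so it can run for everyone, including people who never unlock the repository. Current Ansible documentation restricts host_vars/group_vars files to no extension or `.yml`, `.yaml` or `.json`, so confirm that a `.key` suffix is still loaded by the Ansible version in use.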