Hello all,

Given the following, let’s say part of a host_vars or group_vars definition file (YAML):

ssh_listen_port: 22
other_generic_var: alpha
sites:

• name: the_domain
  repository: git@github.com…project.git
  instances:
  production:
  alpha: bravo
  charlie: 123
  db:
  database: the_domain
  user: the_domain
  pass: the_domain_db_pw
  secrets:
  separate_file_a:
  secret1: ! ‘’
  secret2: ! ‘’
  separate_file_b:
  secret1: ! ‘’
  secret2: ! ‘’

• name: another_domain
  …
  … and so on …

How can I use separate templates for writing out vars contained within ‘secrets’, or can I? Searched high and low, tried a variety of different things - it needs to write the “secrets” data to separate files (not a requirement of mine so I can’t get around it) and logically it makes sense, in the data structure, to keep it as a property of the “site” itself. I’m working on a custom module for it now, if that’s the best way to go then I’ve already got a head start (although my implementation around reading the data feels brittle), but wondering if there was an easier/better way…

Thanks!

“How can I use separate templates for writing out vars contained within ‘secrets’, or can I?”

You can in fact reference other variables that get evaluated lazily on demand.

For instance, assume you have:

vars_files:

• common.yml
• /path/to/secrets/secret.yml

In common.yml you can actually reference variables in secret.yml

secrets:
blarg: “{{ variable_from_other_file }}”

Notice this works even if the type of variable_from_other_file is not a basic string or number (you can include lists, even), but you’ll still have to quote it.

Hmm… essentially the idea then is to make the nested var a top level var? Thank you. That does put me a little bit closer, the only issue with that is that in order to refer to that variable (that exists within a list) I’d have to refer to it by index, e.g.:

secrets.yml