@iyami5 Inventory files can be entirely ansible-vault encrypted or have encrypted vars in otherwise plaintext files. Of course, you need to pass the vault decryption information to ansible someway somehow for it to be consumed. However, you don’t want to have that vault password stored in the project itself that the inventory is sourced from.
@dkoci Unfortunately, and this has been part of recent discussions in the AWX community meetings, there are limitations on what and where credentials types can be used. The ansible-vault credential type (as well as custom credential types), for e.g., cannot be used with inventory sources. The only way to work around this is that I am aware of is to add the vault password information to a custom EE, and specify that EE for the inventory source. Then that EE can automatically decrypt the inventory. You don’t necessarily want to bake this into your global EE, as that may conflict with using ansible-vault credential types in the places they can actually be used.
Hopefully in the near future, AWX will support using more/all credential types in more/all contexts.
I am a bit confused. Why should I use vault password in case of inventory source? My inventory file and ansible.cfg file are not encrypted with ansible-vault. The only thing which is encrypted is some variable which doesnt have anything to do with ineventory source.