But how can I include this encrypted variables file in inventory.ini or ansible.cfg, so that I donβt need to add it on each CLI invocation? I tried setting vars_files, but could not make it work.
Note: I would like to avoid changing my play files for this, because they should work even with a plain -K invocation as well.
I donβt really understand what you mean: Do I write βgroups_vars/β in the inventory.ini file? In which section? What exactly do I add to the INI file to include the vault file?
not inside the file, what i posted above represents the file system. It uses a βvars pluginβ, the one shipped with ansible itself (host_group_vars) which will look in directories adjacent to the inventory source file ( group_vars/ and host_vars/) to populate variables for the hosts that have matching group or host name. The βallβ group applies to all hosts and i use it as a directory so you can have multiple files, one of them vaulted.