How to point `vars` to matching `vault_`?

I’m using vault for the first time (previously used dotenv) and am following the instructions here.

Specifically, the line:

You should adjust the variables in the vars file to point to the matching vault_ variables

Any guidance please on how to achieve this?

Many thanks!

Let's say you have a group webservers; the doc recommends this approach.

group_vars/webservers/vars

Hi, Kai;

Thanks for your reply. I followed your instructions (which is what I had already tried) but it doesn’t work for me.

Here is my tree:

10:35 $ tree
.
├── group_vars
│   ├── standalone.yml
│   ├── vault.yml

And here is the command I am running:

ansible-playbook -v -i inventory/standalone/standalone services/standalone.yml --vault-password-file ~/.vault_pass.txt -u vagrant --tags "filebeat"

This gives me the following error:

fatal: [192.168.1.99]: FAILED! => {"changed": false, "failed": true, "msg": "AnsibleUndefinedVariable: {{ vault_forwarder_crt }}: 'vault_forwarder_crt' is undefined"}

In my standalone.yml I have forwarder_crt: "{{ vault_forwarder_crt }}" and then I have the variable vault_forwarder_crt in vault.yml (which is encrypted).

Did I miss something from your instructions, or misunderstand?

Thanks in advance!

Within group_vars there needs to be a directory named after the group which contains vars(.yml) and vault(.yml).

Kai's example uses the group named webservers and works.
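An added example, not part of the original thread: a small checker that maps each entry under group_vars/ to the group Ansible will load it for and reports entries whose group is absent from the inventory, which is why group_vars/vault.yml never reached the hosts above. The function names, the inventory group name `standalone`, and the sample file contents are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first bytes of an ansible-vault encrypted file
VARS_SUFFIXES = {"", ".yml", ".yaml", ".json"}

def is_vaulted(path):
    with path.open("r", errors="replace") as fh:
        return fh.readline().startswith(VAULT_HEADER)

def audit_group_vars(group_vars, inventory_groups):
    """Report vars files under group_vars/ that no inventory group will load."""
    known = set(inventory_groups) | {"all", "ungrouped"}
    findings = []
    for entry in sorted(Path(group_vars).iterdir()):
        if entry.is_file() and entry.suffix not in VARS_SUFFIXES:
            continue
        # group_vars/<group>.yml and group_vars/<group>/* both belong to <group>
        group = entry.name if entry.is_dir() else entry.stem
        if group in known:
            continue
        files = [entry] if entry.is_file() else [f for f in sorted(entry.rglob("*")) if f.is_file()]
        for f in files:
            kind = "vault-encrypted" if is_vaulted(f) else "plaintext"
            findings.append((f.relative_to(group_vars).as_posix(), group, kind))
    return findings

def build(root, layout):
    """Write a constructed layout to disk and return its group_vars directory."""
    for rel, text in layout.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(text)
    return Path(root) / "group_vars"

# Constructed sample contents; the vault body is a placeholder, not real ciphertext.
VARS = 'forwarder_crt: "{{ vault_forwarder_crt }}"\n'
VAULT = "$ANSIBLE_VAULT;1.1;AES256\n<ciphertext placeholder>\n"
BROKEN = {"group_vars/standalone.yml": VARS, "group_vars/vault.yml": VAULT}
FIXED = {"group_vars/standalone/vars.yml": VARS, "group_vars/standalone/vault.yml": VAULT}

def demo():
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        return (audit_group_vars(build(a, BROKEN), ["standalone"]),
                audit_group_vars(build(b, FIXED), ["standalone"]))

if __name__ == "__main__":
    broken, fixed = demo()
    print("broken:", broken)
    print("fixed: ", fixed)
```

In the flat layout the encrypted file is attributed to a group called `vault`; in the per-group directory layout both files belong to `standalone` and nothing is reported.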

Confirmed, works!

Thank you to both!

Awesome!

Even though you could stick vaults within roles, I wholeheartedly recommend managing them within inventories, preferably within groups, as it'll let your environments vary and avoid cherry-picking hosts.