I’m using vault for the first time (previously used dotenv) and am following the instructions here.
Specifically, the line:
You should adjust the variables in the vars file to point to the matching vault_ variables
Any guidance please on how to achieve this?
Many thanks!
Let’s say you have a group webservers, the doc recommends this approach.
group_vars/webservers/vars
Hi, Kai;
Thanks for your reply. I followed your instructions (which is what I had already tried) but it doesn’t work for me.
Here is my tree:
10:35 $ tree
.
├── group_vars
│ ├── standalone.yml
│ ├── vault.yml
And here is the command I am running:
ansible-playbook -v -i inventory/standalone/standalone services/standalone.yml --vault-password-file ~/.vault_pass.txt -u vagrant --tags "filebeat"
This gives me the following error:
fatal: [192.168.1.99]: FAILED! => {"changed": false, "failed": true, "msg": "AnsibleUndefinedVariable: {{ vault_forwarder_crt }}: 'vault_forwarder_crt' is undefined"}
In my standalone.yml I have forwarder_crt: "{{ vault_forwarder_crt }}" and then I have the variable vault_forwarder_crt in vault.yml (which is encrypted).
Did I miss something from your instructions, or misunderstand?
Thanks in advance!
Within group_vars there needs to be a directory named after the group which contains vars(.yml) and vault(.yml).
Kai's example uses the group named webservers and works.
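The layout rule from the reply above, as an added example that is not part of the thread: a small Python check that flags a vault file sitting directly under group_vars (where Ansible reads it as variables for a group of that name) and a vault file that lacks the `$ANSIBLE_VAULT;` header. The function names, the `vault*` file-name convention and the sample trees are assumptions constructed here.

```python
import os
import re
import tempfile

VAULT_HEADER = "$ANSIBLE_VAULT;"                 # first bytes of every ansible-vault file
VAULT_REF = re.compile(r"\{\{\s*(vault_\w+)")    # "{{ vault_x }}" indirection in vars files

def check_group_vars(root, known_groups):
    """Lint a group_vars tree; return a list of findings (empty means OK)."""
    findings = []
    for entry in sorted(os.listdir(root)):
        path = os.path.join(root, entry)
        is_dir = os.path.isdir(path)
        # group_vars/<name>.yml and group_vars/<name>/ both apply to group <name>
        group = entry if is_dir else os.path.splitext(entry)[0]
        if group != "all" and group not in known_groups:
            findings.append(f"{entry}: no inventory group '{group}', so it is never loaded")
            continue
        files = [os.path.join(path, f) for f in sorted(os.listdir(path))] if is_dir else [path]
        # Assumed convention: the encrypted file is named vault or vault.yml
        vaults = [f for f in files if os.path.basename(f).startswith("vault")]
        refs = set()
        for f in files:
            with open(f) as fh:
                text = fh.read()
            if f not in vaults:
                refs.update(VAULT_REF.findall(text))
            elif not text.startswith(VAULT_HEADER):
                findings.append(f"{os.path.relpath(f, root)}: vault file is not encrypted")
        if refs and not vaults:
            findings.append(f"{entry}: uses {', '.join(sorted(refs))} but group '{group}' has no vault file")
    return findings

def build(layout):
    """Write a constructed group_vars tree into a temp directory and return its path."""
    root = tempfile.mkdtemp()
    for rel, text in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(text)
    return root

# Constructed sample content; the vault body is a placeholder, not real ciphertext.
VARS = 'forwarder_crt: "{{ vault_forwarder_crt }}"\n'
ENCRYPTED = "$ANSIBLE_VAULT;1.1;AES256\n0000\n"
FLAT = {"standalone.yml": VARS, "vault.yml": ENCRYPTED}                     # tree from the question
NESTED = {"standalone/vars.yml": VARS, "standalone/vault.yml": ENCRYPTED}   # layout from the reply

if __name__ == "__main__":
    for name, layout in (("flat", FLAT), ("nested", NESTED)):
        print(name, check_group_vars(build(layout), {"standalone"}))
```

The not-encrypted finding is the one to wire into a pre-commit hook, since a plaintext vault file in the repository exposes every secret it holds.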
Awesome!
Even though you could stick vaults within roles, I wholeheartedly recommend managing them within inventories, preferably within groups, as it’ll let your environments vary and avoid cherry-picking hosts.