Hi,
I have some templates that generate files based on vault data. These are destined for network devices that have vendor written modules who expect a local file to get the data. The problem is that this leaves the file exposed on the local machine in clear text with the vault data, which makes the vault data not so useful.
The ideal way IMO would be to have ansible encrypt the file with the vault password and then have the tool decrypt the file to load it. There are even some hooks saying that in 2.4 there will be a way for copy to be able to decrypt a file (latest source has the documentation stub and nothing more.)
Given this will not happen in the short future, I am looking for other solutions.
One idea I had was to render the template to stdout and register the result for use in subsequent steps. Is this possible? Is there some other trick I can do to get this to not hit the disk and still be available for following tasks?
thanks,
jerry