I’m looking to put our ~10 SSL certificates in our repository and have them installed with Ansible. From what I can tell, it seems that I can only use vault for data in YAML files, not arbitrary plaintext files. I’ve started makin a YAML file with vars for each cert and private key, but it’s pretty unwieldily.
Ideally, I’d be able put each cert and key in its own file and encrypt each one that way. Is there a workflow to do that that I’ve somehow missed?
Thanks in advance for any help.
It’s only there to encrypt data files for Ansible at this point, as it’s wired in to decrypt if it detects the vault headers in data files.
It could be made to work with the {{ lookup(‘file’, ‘/path/to/file’) }} style lookup plugin, but that’s not something this plugin can do right now.
Pull requests for this would be interesting – or if you’d also like to file a feature idea ticket, we can at least record the idea.
Thanks!
Thanks Michael. The lookup seems like it would still have the same limitations, since the target files would either be out of the repo or unencrypted. I’ll distill my thoughts and do a feature req.
" The lookup seems like it would still have the same limitations, since the target files would either be out of the repo or unencrypted. I’ll distill my thoughts and do a feature req."
Indeed true about the remote nodes, which is kind of why we didn’t do it as part of the original pass.
Thanks!