Optional valut import

Hey,

I was wondering if its possible to do optional import of vault encrypted files. i.e. if a password/password file is presented the encrypted file will be included. Else the file will be ignored.

Thanks

Yeah, this is presently not possible unfortunately.

I think this could be potentially confusing unless it threw a warning when attempting to read the file - because you might not know why a variable would be undefined.

If we did this, it would need to be a config setting, default off, in ansible.cfg.

I’m not yet sure that we need to, but one thing that is not possible is to prompt at load time, because you might be halfway into the playbook run – this would make it hard to run ansible via expect type scripts and it would be unpredictable when a prompt might come up.

You could make it work like so: https://gist.github.com/ycombinator/21dd0ca3c0ee9472f64d

Well that would not import it if that first file were not present, yes, but most likely it would be present.

Ah yes, I misinterpreted “if a password/password file is presented” as the vaulted file being present/absent not the vault password/password file. Sorry.

Michael,

I think this makes sense the default behaviour should fail and you should override the ignore import by config or even a command line argument.