Pass vault variables into large config vault file.

Hey,

So I have a large config file that needs to be encrypted when pushed to a private repository. There are multiple server groups which it would be pushed to, so ideally I would be able to pass vars into it, depending on the group. These vars would have to be encrypted as well. I feel like I have a pretty good understanding of the vault and its capabilities and limitations, and I am not sure if this would be possible for two reasons:

  1. Ansible vault does not seem to be able to encrypt full files, just variable files (although my large config file is natively a .yml file, so it may be possible in this case)

  2. I haven’t seen anyone else pass a vault variable into another vault-decrypted file

I am still just getting started with Ansible and am therefore pretty slow, so I just wanted to know your opinions on the feasibility of this before I invest the time. Is there another simple encryption method that I could achieve the same results with?

Sincere thanks for any help, C

Maybe you need to use a big template with some vars stored in vault storage?

But can you encrypt the template somehow?

No, I suggest using a big unencrypted template with no private data and encrypted variables in vault storage. Usually in a big configuration file not all data needs to be secured, only some variables.
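
The layout suggested in the last reply, sketched as an added example that is not part of the original thread: a plain-text template with per-group vault files supplying the secret values. All file names, group names, variable names and values are hypothetical and constructed for illustration.

```yaml
# Four files shown as separate YAML documents; the comment above each names the file.

# group_vars/webservers/vault.yml
# Encrypt before committing: ansible-vault encrypt group_vars/webservers/vault.yml
---
vault_db_password: "constructed-web-secret"
vault_api_token: "constructed-web-token"

# group_vars/dbservers/vault.yml
# Same variable names, different values, encrypted the same way.
---
vault_db_password: "constructed-db-secret"
vault_api_token: "constructed-db-token"

# templates/app_config.yml.j2
# Committed unencrypted: it holds only non-secret settings and variable references.
---
listen_port: 8080
database:
  password: "{{ vault_db_password }}"
api:
  token: "{{ vault_api_token }}"

# deploy.yml
# Run with: ansible-playbook deploy.yml --ask-vault-pass
---
- hosts: webservers:dbservers
  tasks:
    - name: Render the config with the host group's decrypted values
      ansible.builtin.template:
        src: templates/app_config.yml.j2
        dest: /etc/app/config.yml
        mode: "0600"   # the rendered file on the target contains the secrets in clear text
      no_log: true     # keep rendered secret values out of task output and logs
```

Each host picks up the vault file of its own group, so the same template renders with different secrets per group, and only the small vault files need to be encrypted in the repository.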