Yeahp, im not talking about vault, im talking about protecting / encrypting / compiling ansible app ( by that i mean a series of roles executed for example, by a site.yml ).
By that i mean, any company that builts a product around ansible, a product where this series of roles should be protected as a company asset and salable.
Is there any known way to protect that “code” ( yeah, being just python code and .yml files ) in a distributable way that can be too, executed by ansible ?
hope the question isnt too weird nor senseless.
short answer: No
long answer: Even if we supported encryption, the users would need to be able to decrypt it to execute. Ansible being open source and python it would be trivial to dump to file the decrypted in memory copy of the encrypted files you loaded. It would be a lot of effort to implement a protection that is trivially bypassed.
If you want to hide how you configure/deploy a system or software for your customer then this doesn’t make much sense. If you administer the system then this is no problem at all. And if your customer manages the system by himself he would need this documentation.
But on the other hand Ansible is that flexible that building a cloud web service and hiding a big part of the code/logic wouldn’t be that much of a problem. For example with Jenkins and some permissions you could build a web site where a user can input a SSH access to his own server and run some jobs without direct access to the YAML code.