Hi all,
I was just wondering what the best practice is for including sensitive variables in an Ansible Galaxy role.
For example, if I were to publish a role which required sensitive (i.e. vault encrypted) data, e.g. an API key, would I just document that this variable was required in the README.md?
Thanks 
Jake Clarkson <jacobwclarkson@gmail.com> napisał:
Hi all,
I was just wondering what the best practice is for including sensitive
variables in an Ansible Galaxy role.For example, if I were to publish a role which required sensitive (i.e.
vault encrypted) data, e.g. an API key, would I just document that this
variable was required in the README.md?
Yes. It's the user that will decide how sensitive that data is to him, and where to store it
Obviously don’t include your AWS key in the defaults or examples, just use dummy values, but it’s up to them.
Folks should be aware of ansible-vault and I don’t think it’s necessary for the galaxy role to remind users to use it, but it’s ok if the role did too.
Definitely doesn’t need to be a list of which variables, etc, as a lot of folks are using private repos and such.