Hi,
is it possible to keep the password information generated with the password lookup in a vault-encrypted file?
I want to generate new random passwords for new machines and keep them idempotent. But the already generated passwords should be kept encrypted in the playbook e.g. as vault-file.
"lookup password" seems perfect for this. But the passwords are kept in clear text, and can't be encrypted as a vault?
I tried the following, which does not work:
task in test.yml playbook:
- name: debug
  debug: msg="{{ lookup('password', 'passwordfile chars=ascii_letters length=15 encrypt=sha512_crypt') }}"
ansible-playbook -i "myhost," --vault-password-file /root/.vault test.yml
passwordfile is generated cleartext
ansible-vault encrypt roles/passwords/files/passwordfile
passwordfile is now a vault
ansible-playbook -i "myhost," --vault-password-file /root/.vault test.yml
passwordfile is simply overwritten with new clear-text data
Does anyone have a cool solution for this?
Cheers
Ulli