I’ve been using a pattern of base64 encoded values and jinja templates deal with storing binary data in vaults and have put together scripts to simplify the process; I’ve found them pretty useful and figured others might get some use out of them.
https://github.com/sgargan/ansible-vault-tools
I’ve considered writing a dedicated module to take the place of the playbook and template, but in the meantime this works pretty well.
regards,
Steve.
If the primary goal of this is to encrypt the value given to the “src” of a copy operation (or template operation), I wonder if there’s a better way to make this happen without needing to shell out to an extra CLI.
It might require vault knowing that a file is not YAML when it is executed though…
Building this into the copy plugin would definitely be the way to go; the vault header could have a flag to denote the contents and distinguish binary from yaml.