vault-id and multiple password files in ansible.cfg

kompastver · January 31, 2018, 11:27am

Hi,
We’re using vault files encrypted with multiple vault-id in our projects.
Everything works fine when we do something like:

ansible vault --vault-id generic@~/.ansible/generic-password --vault-id prod@~/.ansible/prod-password ...

But it’s not convenient way to pass password files for each vault id as cli arguments.
Previously, before vault-id, we used single password for everything and we just added “vault_password_file=~/.ansible/password” into ansible.cfg.
Is there any way to add multiple password file in ansible.cfg for each vault id?
The most straight way as for me, is to add something like this

[defaults] vault_password_file=generic@~/.ansible/generic-password vault_password_file=prod@~/.ansible/prod-password

And of course it doesn’t work.
But how can I do it right?

Thanks.

hans_petterson · April 27, 2018, 11:45am

Hi,

just stumpled upon the same problem. Using the cli --vault-id is not really practicable in our case. No one wants to write this long string. Vault-id seems like a nice thing… but not really thought through. Or am I missing something?

Yours

Topic		Replies	Views
Vault Ids and Multiple Vault Passwords Ansible Project	1	0	July 29, 2018
ansible.cfg with multiple vault files. Ansible Project	0	1	November 24, 2017
Vault Ansible Developer	0	0	July 24, 2020
support for multiple vault passwords / https://github.com/ansible/ansible/pull/22756 Ansible Developer	0	0	July 24, 2017
2.4 support for multiple vault passwords, looking for feedback Ansible Project	0	0	July 26, 2017

vault-id and multiple password files in ansible.cfg

Related topics