Hi,
I am interested in the way Ansible uses the helper pass to manage the vault password.
My wish is to run a playbook without entering a vault password; instead, I prefer using my GPG key to unlock the pass that manages the vault password.
- pass
- vault
- helper
My old method:
pass ansible/vault | head -1 | ansible-playbook --vault-password-file=/bin/cat -i inventories/template foo.yml
My new wanted method:
In the .ansible.cfg file:
[vault]
identity_list = ansible/vault@pass
Then run:
ansible-playbook -i inventories/template foo.yml
But when checking with ansible-config, I do not see the vault part. I wonder why…
So when running the new method, it asks for the password key file instead of requesting the GPG password that manages pass.
[WARNING]: Error getting vault password file (ansible/vault): The vault password file
my_directory/ansible/pass was not found
I have tried to create a bash file, /usr/local/bin/ansible-pass.sh
#!/bin/bash
pass ansible/vault
and add to .ansible.cfg:
[vault]
identity_list = ansible/vault@/usr/local/bin/ansible-pass.sh
But it is not better.
Any idea would be appreciated for my problem.
But also, I would like to know your ways to manage the vault.
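
Added example, not part of the original post and not Ansible's own code: a vault password client script that reads the secret from pass, so gpg-agent prompts for the key passphrase instead of Ansible prompting for a vault password. The file name, the path in the docstring and the ansible/<label> entry layout are assumptions; the `vault_identity_list` key under `[defaults]` and the `--vault-id` argument passed to executables named `*-client` are standard Ansible behaviour.

```python
#!/usr/bin/env python3
"""Added example: Ansible vault password client backed by pass(1).

Assumed setup: saved as an executable file whose name ends in "-client",
and referenced from ansible.cfg as
    [defaults]
    vault_identity_list = vault@/path/to/vault-pass-client
Ansible then runs it as: vault-pass-client --vault-id vault
"""
import argparse
import re
import subprocess
import sys

# Assumption: vault secrets are stored in pass under ansible/<label>.
PASS_PREFIX = "ansible"
LABEL_RE = re.compile(r"[A-Za-z0-9_.-]+")

def entry_for(label):
    """Map a vault-id label to a pass entry; reject anything path-like."""
    if not LABEL_RE.fullmatch(label) or label.startswith("."):
        raise ValueError(f"refusing unsafe vault-id label: {label!r}")
    return f"{PASS_PREFIX}/{label}"

def fetch_password(label, run=subprocess.run):
    """Return the first line of the pass entry (decrypted via gpg-agent)."""
    proc = run(["pass", "show", entry_for(label)],
               capture_output=True, text=True, check=False)
    if proc.returncode != 0:
        raise RuntimeError(f"pass failed: {proc.stderr.strip()}")
    lines = proc.stdout.splitlines()
    if not lines or not lines[0]:
        raise RuntimeError("pass entry is empty")
    return lines[0]

def main(argv=None):
    parser = argparse.ArgumentParser()
    parser.add_argument("--vault-id", required=True)
    args = parser.parse_args(argv)
    try:
        print(fetch_password(args.vault_id))  # stdout carries only the secret
    except (ValueError, RuntimeError) as exc:
        print(f"vault-pass-client: {exc}", file=sys.stderr)
        return 1
    return 0

if __name__ == "__main__":
    sys.exit(main())
```

With this in place the playbook runs as `ansible-playbook -i inventories/template foo.yml`, and a failed or empty pass lookup exits non-zero instead of handing Ansible an empty password.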