Vault support for binary files

Hello. Our fundamental issue is that we have secrets which are binary files (e.g. Java keystore, etc.) which we want to protect. Including them as a vault file in the role would be great, but there currently doesn’t seem to be a way to do this. The comments in the PR below have some discussion on the issue.

Extending the copy module to have a “vault” flag which would decrypt the file with the vault system and then upload it would be dandy.

Thoughts from the hive mind?

Thanks.

Check out credstash.

http://docs.ansible.com/ansible/playbooks_lookups.html#the-credstash-lookup

https://github.com/LuminalOSS/credstash/

Credstash looks great…except that we’re not using AWS.

It is on my list and there are already a few feature requests to add
'transparent' copy of vault files. I'll be very happy if anyone beats
me to it.

You could also base64 encode the file first and then decode it.

Base64 works for me, too. But it would be nice if the copy module would support “content” in Base64.

At the moment I use the shell module:

  - shell: echo '{{ file_name }}' | base64 --decode > /path/file_name

I use Keepass to store the base64 code. But this shouldn’t make any difference…
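
Added example, not part of any post in this thread: a shell round trip for the base64 workaround discussed above, which encodes a binary file for a text-only store and later decodes it from stdin into a 0600 file, checking a SHA-256 before moving it into place. The function names and paths are hypothetical, and `sha256sum` and `mktemp` are assumed to be available.

```shell
#!/bin/sh
# Added example: round-trip a binary secret (e.g. a keystore) through base64
# so it can be kept in a text-only store such as a vaulted variable.
# Function names and file paths are hypothetical.

# encode_secret FILE
# Prints "<sha256> <single-line base64>" for FILE.
encode_secret() {
    b64=$(base64 < "$1" | tr -d '\n')          # strip line wraps
    sum=$(sha256sum < "$1" | cut -d' ' -f1)
    printf '%s %s\n' "$sum" "$b64"
}

# install_secret DEST SHA256
# Reads base64 from stdin instead of from the command string, decodes into a
# temp file (mktemp creates it mode 0600), verifies the digest, and only then
# renames it to DEST. A corrupt or truncated value never reaches DEST.
install_secret() {
    dest=$1
    want=$2
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if ! base64 --decode > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    got=$(sha256sum < "$tmp" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        rm -f "$tmp"
        return 1
    fi
    mv -f "$tmp" "$dest"
}
```
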