Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vault decrypt via command #4

Open
freswa opened this issue Dec 27, 2022 · 2 comments
Open

Vault decrypt via command #4

freswa opened this issue Dec 27, 2022 · 2 comments

Comments

@freswa
Copy link

freswa commented Dec 27, 2022

From the README:

I have plans to add a support to use commands to retrieve a password (eg. using pass or gopass), let me know if you are interested.

I'm just here so say I'm interested :)
I mainly use this repo which uses ansible-vault by defining vault_password_file = misc/get-vault-pass.sh in ansible.cfg
@hv15
Copy link

hv15 commented Feb 24, 2023

Just to add, per https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-vault-password-file, the ANSIBLE_VAULT_PASSWORD_FILE environment variable can be set to either a file (whose content contains the clear text password/key) or a executable file (e.g. a script to return the password on stdout). As with @freswa I also use a script which looks something like:

#!/usr/bin/bash

/usr/bin/gopass -o -n my/ansible/vault/password

@Alveel
Copy link

Alveel commented Apr 12, 2023

This seems to work out of the box for me.

I have ANSIBLE_VAULT_PASSWORD_FILE=$mypath/vault_password.sh in my environment, where the script is executable and just contains a shebang and pass $pass_vault_entry.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hv15 @freswa @Alveel