Question:
The settings
Consider an Ansible inventory file similar to the following example:
```
[san_diego]
host1
host2

[san_francisco]
host3
host4

[west_coast]
san_diego
san_francisco

[west_coast:vars]
db_server=foo.example.com
db_host=5432
db_password=top secret password
```
The problem
I would like to store some of the vars (like db_password) in an Ansible vault, but not the entire file.
How can a vault-encrypted ansible file be imported into an unencrypted inventory file?
What I’ve tried
I have created an encrypted vars file and tried importing it with:
```
include: secrets
```
To which ansible-playbook responded with:
```
ERROR: variables assigned to group must be in key=value form
```
Probably because it tried to parse the include statement as a variable.
Answer:
If your issue is to have both unencrypted and encrypted vars files per group_hosts, you can use this Ansible feature: http://docs.ansible.com/ansible/playbooks_best_practices.html#best-practices-for-variables-and-vaults
```
group_vars/
    san_diego/
        vars.yml   # unencrypted yaml file
        vault.yml  # encrypted yaml file
```
Ansible will automatically read vault.yml as an encrypted YAML file.
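The layout from the answer applied to the question's west_coast group, as an added example that is not part of the original answer: vars.yml stays readable and points at a vault_-prefixed variable kept in vault.yml (the convention described on the linked best-practices page), and a small check lists any vault.yml that is still plaintext. The function names, the playbook name site.yml and the inventory name hosts are assumptions.

```shell
#!/bin/sh
# Added example. group_vars/ sits next to the inventory file (or the playbook).

# Write both files for the question's west_coast group under directory $1.
make_layout() (
    dir="$1/group_vars/west_coast"
    mkdir -p "$dir"
    # Plaintext file: reviewable, searchable, holds no secret itself.
    cat > "$dir/vars.yml" <<'EOF'
---
db_server: foo.example.com
db_host: 5432
db_password: "{{ vault_db_password }}"
EOF
    # Secret file: encrypt before committing with
    #   ansible-vault encrypt group_vars/west_coast/vault.yml
    cat > "$dir/vault.yml" <<'EOF'
---
vault_db_password: "top secret password"
EOF
)

# Print each group_vars/*/vault.yml under $1 whose first line is not the
# Ansible Vault header, i.e. a secrets file that is still plaintext.
unencrypted_vaults() (
    for f in "$1"/group_vars/*/vault.yml; do
        [ -f "$f" ] || continue
        first=
        IFS= read -r first < "$f" || true
        case $first in
            '$ANSIBLE_VAULT;'*) ;;
            *) printf '%s\n' "$f" ;;
        esac
    done
)

# Demo on a throwaway directory: vault.yml is reported until it is encrypted.
demo=$(mktemp -d)
make_layout "$demo"
unencrypted_vaults "$demo"
rm -rf "$demo"
# After encrypting, run the play with (site.yml and hosts are assumed names):
#   ansible-playbook -i hosts site.yml --ask-vault-pass
```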