> Well, it will work, but this is still a workaround. You still have to > maintain two files and edit them both for a single addition. Also, it > becomes more complicated if you have repeated variable names and values. > It is a trick, no doubt But it's simple, pretty straightforward and self documented. We use it everyday and don't feel any overhead because of it. Passwords are not edited so often, and in the end not that many.
> For example, how much complexity you have to introduce in your separate > vault file in order to handle a simple variable file like the following ? > Of course, you end up duplicating your password entries. But with a consistent convention it's painless. Unfortunately, the Ansible team has not (yet) given an answer on whether a > command-line option to enable a simple syntax for leaf-node encryption mode > would be considered for ansible-vault (keeping the current whole-file > encryption mode as the default mode). There was a feature request for this > mode and discussion by many people _before_ vault's release and it seems it > is still desired by people _after_ vault's release. I read the thread at the time, and agreed that leaf encryption was a better way, but since we use this, I really don't feel it's that necessary, on a day to day usage. raphael. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/06060672-1c42-4fd0-9f77-009374f6d7ab%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
