On Thu, May 22, 2014 at 1:16 AM, Michael DeHaan <[email protected]> wrote:
> "Using Vault in group_vars has the downside of losing version control on > the vaulted file" > > This is not neccessarily the case. > > group_vars/ folders are also loaded if they live alongside the playbook, > so that can be a good option. > > You could also keep the variables in a role vars/ directory and pull them > in to hosts that need them. > > In fact, a role can contain nothing but vars, and that works too! > > Yeah I know, but that's not helping my specific use case, as I need different sensitive variables based on inventory, not role or playbook. Serge's suggestion was what solved it for me - too bad this feature isn't documented! > > On Wed, May 21, 2014 at 11:21 AM, Hagai Kariti <[email protected]> wrote: > >> Whoa, dude. Didn't know that trick. Yeah that actually solves my case >> pretty nicely. Thanks a bunch. >> >> On Wednesday, May 21, 2014 6:16:19 PM UTC+3, Serge van Ginderachter wrote: >> >>> >>> On 21 May 2014 16:53, Hagai Kariti <[email protected]> wrote: >>> >>>> It's really the same idea as group_vars. For each group a host is a >>>> member of, two files are included: >>>> - The file under group_vars/, as usual >>>> - The vaulted file under the vaulted group_vars dir >>>> >>>> This allows you to separate the sensitive and normal parts of your >>>> group_vars, so that you won't lose version control on the normal parts. >>>> >>> >>> OK, actually, you already can do something similar, what I do: >>> >>> for each group X I have a directory group_vars/X/ >>> >>> every file in that dir will be loaded for group X >>> then you van have a group_vars/X/secret.yml e.g. which is vaulted. >>> >>> Would that work for you? >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/cc0d252e-fb8b-407e-abf1-3bad7c19eae0%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/cc0d252e-fb8b-407e-abf1-3bad7c19eae0%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/VgGIyBhFtZM/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgx4yAt_LJsc3nn%2BQWxhXDGd8_aj2zk7pyGTEi1yKPBCvw%40mail.gmail.com<https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgx4yAt_LJsc3nn%2BQWxhXDGd8_aj2zk7pyGTEi1yKPBCvw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAO0%3DbmHB44%3DyFj-oW7%2B25MCdzFytXjpCoCY82GoBqZGO%2BLiW0A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
