Unable to test from current location but do you need to delegate_to for this?
On Tue, May 28, 2024 at 7:23 AM Dick Visser <[email protected]> wrote: > > > On Tue, 28 May 2024 at 15:17, Dick Visser <[email protected]> wrote: > >> >> This seems to work, and because ansible.cfg contains the right >> information (vault_identity_list, vault_encrypt_identity) the encrypted >> content looks good, when I'm debugging. >> But the actual file contents are plain text again. It seems the copy >> module decrypts the encrypted content again? How can I force the content to >> NOT be decrypted? >> > > To quickly answer my own question: there is a decrypt parameter: > https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html#parameter-decrypt > I had never noticed that 🤡 > > So the first task does work now. > > Still my other question remains: > > >> Another approach is the vault filter, which seems to be a bit cleaner. I >> thought this would do the trick: >> >> - name: save token >> ansible.builtin.copy: >> content: "{{ token | ansible.builtin.vault }}" >> dest: /tmp/out2 >> mode: 0600 >> >> But that didn't work, the filter insists on an actual secret value. I >> then must do a separate lookup for the ansible vault password. But the >> vault password file can also be an executable that sends the secret to >> stdout. I don't want to have to implement that logic myself. >> >> Is there a way for the ansible.builtin.vault filter to use the >> vault_identity_list and vault_encrypt_identity that are in ansible.cfg? >> > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAF8BbLYAsqbxCdZf8CU51%3DjCw5MJT-rwg%3DYweT7R%2BU6n4kAMLg%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAF8BbLYAsqbxCdZf8CU51%3DjCw5MJT-rwg%3DYweT7R%2BU6n4kAMLg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- - Andrew "lathama" Latham - -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2Bqj4S890JNmisy6LkoHkJN8RA1_neDHmCL1XP0e7EwRm-Gx7w%40mail.gmail.com.
