networktocode / schema-enforcer

Schema Enforcer provides a framework for testing structured data against schema definitions.

Add Ansible vault decryption #160

Open Bleizo opened 11 months ago

Bleizo commented 11 months ago

Environment

It would be great if schema-enforcer ansible could handle inventory files with vaulted variables in them. At the moment, part of the stack trace when doing so is:

__init__.py", line 640, in decrypt
    plaintext, vault_id, vault_secret = self.decrypt_and_get_vault_id(vaulttext, filename=filename, obj=obj)
  File "/home/bp/gitlab/framestore/systems/monitoring/fop/venv/lib/python3.10/site-packages/ansible/parsing/vault/__init__.py", line 678, in decrypt_and_get_vault_id
    raise AnsibleVaultError('Attempting to decrypt but no vault secrets found')

Proposed Functionality

I propose the command be extended to provide vault IDs in a similar way to what ansible-inventory provides. The invocation would look something like this:

schema-enforcer ansible --inventory inventory/ --vault-id testid@/tmp/vault_secret.txt

Use Case

This is useful when validating host/group vars that contain secrets. Those can be anything ranging from BGP peering passwords (8 character length limit) to validating that passwords adhere to certain requirements, or even validating YAML files that are completely encrypted.
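The pre-flight step a loader would need before the proposed `--vault-id` could work, as an added example that is not part of the issue, of schema-enforcer, or of Ansible. It parses `label@source` vault-id specs the way `ansible-inventory` accepts them, pulls the `!vault |` envelopes out of a host_vars file, pairs each envelope with a secret by the label carried in a `1.2` header (label-less `1.1` envelopes are tried against every secret), and checks the envelope's HMAC, which is how a wrong password is detected before any decryption is attempted. AES-256-CTR decryption itself is deliberately left to Ansible's own `VaultLib`. Everything here is stdlib-only; the function names, the `default` label for a bare source, the `/tmp/vault_secret.txt` contents and the sample host_vars are constructed for the example, and `build_envelope` seals placeholder bytes rather than real ciphertext so the fixture can be generated offline.

```python
"""Vault-id pre-flight for vaulted host_vars (added example, not project code)."""
import binascii
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Vault 1.1 has no label; 1.2 appends the vault-id label after the cipher name.
HEADER_RE = re.compile(r"^\$ANSIBLE_VAULT;(?P<ver>1\.[12]);AES256(?:;(?P<label>\S+))?$")
# A '!vault |' scalar as it sits in YAML: header line, then wrapped hex lines.
# (A real loader should use a YAML parser with a !vault constructor instead.)
BLOCK_RE = re.compile(r"(\$ANSIBLE_VAULT;[^\n]*\n(?:[ \t]*[0-9a-f]+[ \t]*(?:\n|\Z))+)")
PBKDF2_ROUNDS = 10000


@dataclass
class VaultEnvelope:
    version: str
    label: Optional[str]
    salt: bytes
    mac: bytes
    ciphertext: bytes


def parse_vault_id(spec: str) -> Tuple[str, str]:
    """'label@source' as in --vault-id; a bare source is labelled 'default'."""
    if "@" in spec:
        label, source = spec.split("@", 1)
        return label, source
    return "default", spec


def load_vault_secrets(specs: List[str], read_file: Callable[[str], bytes]) -> Dict[str, bytes]:
    """label -> password bytes; read_file is injected so the example runs offline."""
    return {label: read_file(src).strip() for label, src in map(parse_vault_id, specs)}


def parse_envelope(text: str) -> VaultEnvelope:
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    m = HEADER_RE.match(lines[0])
    if not m:
        raise ValueError("not an Ansible vault envelope: %r" % lines[0])
    # Body is hex( hex(salt) "\n" hex(hmac) "\n" hex(ciphertext) ), wrapped at 80 columns.
    inner = binascii.unhexlify("".join(lines[1:]))
    salt_hex, mac_hex, ct_hex = inner.split(b"\n", 2)
    return VaultEnvelope(m["ver"], m["label"], binascii.unhexlify(salt_hex),
                         binascii.unhexlify(mac_hex), binascii.unhexlify(ct_hex))


def derive_keys(secret: bytes, salt: bytes) -> Tuple[bytes, bytes, bytes]:
    """PBKDF2-HMAC-SHA256 -> 80 bytes: AES key (32) | HMAC key (32) | CTR IV (16)."""
    km = hashlib.pbkdf2_hmac("sha256", secret, salt, PBKDF2_ROUNDS, dklen=80)
    return km[:32], km[32:64], km[64:]


def check_hmac(env: VaultEnvelope, secret: bytes) -> bool:
    """True only when `secret` is the password the envelope was sealed with."""
    _, mac_key, _ = derive_keys(secret, env.salt)
    expected = hmac.new(mac_key, env.ciphertext, hashlib.sha256).digest()
    return hmac.compare_digest(expected, env.mac)


def find_envelopes(vars_text: str) -> List[VaultEnvelope]:
    return [parse_envelope(m.group(1)) for m in BLOCK_RE.finditer(vars_text)]


def preflight(vars_text: str, secrets: Dict[str, bytes]) -> List[str]:
    """One status per envelope: 'ok', 'bad-secret', or 'no-secret' (the state
    behind 'Attempting to decrypt but no vault secrets found')."""
    out = []
    for env in find_envelopes(vars_text):
        if env.label is None:            # 1.1 envelope: any configured secret may fit
            candidates = list(secrets.values())
        else:                            # 1.2 envelope: only the matching label
            candidates = [secrets[env.label]] if env.label in secrets else []
        if not candidates:
            out.append("no-secret")
        else:
            out.append("ok" if any(check_hmac(env, s) for s in candidates) else "bad-secret")
    return out


def build_envelope(secret: bytes, salt: bytes, ciphertext: bytes, label: Optional[str] = None) -> str:
    """Constructed fixture: seals arbitrary bytes in the envelope layout.
    `ciphertext` is placeholder bytes here, not real AES-CTR output."""
    _, mac_key, _ = derive_keys(secret, salt)
    mac = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    body = binascii.hexlify(b"\n".join(binascii.hexlify(x) for x in (salt, mac, ciphertext))).decode()
    header = "$ANSIBLE_VAULT;1.2;AES256;%s" % label if label else "$ANSIBLE_VAULT;1.1;AES256"
    return "\n".join([header] + [body[i:i + 80] for i in range(0, len(body), 80)])


def _vault_scalar(key: str, envelope: str) -> str:
    return "%s: !vault |\n" % key + "".join("  %s\n" % ln for ln in envelope.splitlines())


# Constructed secret file and host_vars: a labelled secret we hold, a label-less
# one sealed with a password we do not hold, and a label we were never given.
SECRET_FILES = {"/tmp/vault_secret.txt": b"correct horse\n"}
SAMPLE_HOST_VARS = (
    _vault_scalar("bgp_password", build_envelope(b"correct horse", b"\x11" * 32, b"opaque-1", "testid"))
    + _vault_scalar("legacy_secret", build_envelope(b"other", b"\x22" * 32, b"opaque-2"))
    + _vault_scalar("prod_token", build_envelope(b"prod-pw", b"\x33" * 32, b"opaque-3", "prod"))
)

if __name__ == "__main__":
    secrets = load_vault_secrets(["testid@/tmp/vault_secret.txt"], SECRET_FILES.__getitem__)
    print(preflight(SAMPLE_HOST_VARS, secrets))  # ['ok', 'bad-secret', 'no-secret']
```

Running the pre-flight and refusing to continue on anything other than `ok` turns the opaque `AnsibleVaultError` from the stack trace into a message that names the variable and the missing or wrong vault label, which is what a user of `--vault-id` would want to see before schema validation starts.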