Closed chrillep closed 1 year ago
I don't think there's anything Trellis needs to do here. Trellis defaults to Ansible's default which is a .vault_pass
file. You can easily edit the Ansible config file to specify a custom vault pass which can also be a shell script!
Here's a good tutorial I found: https://www.inetsix.net/posts/Ansible-vault-1password/
I don't think there's anything Trellis needs to do here. Trellis defaults to Ansible's default which is a
.vault_pass
file. You can easily edit the Ansible config file to specify a custom vault pass which can also be a shell script!Here's a good tutorial I found: https://www.inetsix.net/posts/Ansible-vault-1password/
Yeah sorry! Im really not connecting the dots here. Brain 🧠not firing good this morning.
step
but i get you don't want to stray from the defaults.
set ansible.cfg > vault_password_file to
vault_password_file=ansible_vault_1p_password
ansible_vault_1p_password
is a shell script (in your $PATH
somewhere) which uses the 1p CLI to get the password.
but i get you don't want to stray from the defaults.
We use the defaults to make it easier for people with a use case like one to follow Ansible's docs and standard ways of customization 😄
Summary
We use 1pass to fetch vault_pass string and store it to file. If we could skip this step it would be "one less" thing to have to handle.
With that said. I would love if Trellis would provide an out of the box solution to handling vault_pass "not on file".
AC:
refs:
Additional context
No response