Closed chrillep closed 1 year ago
swalkinshaw
commented
1 year ago I don't think there's anything Trellis needs to do here. Trellis defaults to Ansible's default which is a .vault_pass file. You can easily edit the Ansible config file to specify a custom vault pass which can also be a shell script!
Here's a good tutorial I found: https://www.inetsix.net/posts/Ansible-vault-1password/
chrillep
commented
1 year ago I don't think there's anything Trellis needs to do here. Trellis defaults to Ansible's default which is a
.vault_passfile. You can easily edit the Ansible config file to specify a custom vault pass which can also be a shell script!Here's a good tutorial I found: https://www.inetsix.net/posts/Ansible-vault-1password/
Yeah sorry! Im really not connecting the dots here. Brain 🧠not firing good this morning.
step
but i get you don't want to stray from the defaults.
swalkinshaw
commented
1 year ago set ansible.cfg > vault_password_file to
vault_password_file=ansible_vault_1p_passwordansible_vault_1p_password is a shell script (in your $PATH somewhere) which uses the 1p CLI to get the password.
but i get you don't want to stray from the defaults.
We use the defaults to make it easier for people with a use case like one to follow Ansible's docs and standard ways of customization 😄
Summary
We use 1pass to fetch vault_pass string and store it to file. If we could skip this step it would be "one less" thing to have to handle.
With that said. I would love if Trellis would provide an out of the box solution to handling vault_pass "not on file".
AC:
refs:
Additional context
No response