roots / trellis

WordPress LEMP stack with PHP 8.2, Composer, WP-CLI and more
https://roots.io/trellis/
MIT License

💡 Feature Request: Add ability to use vault pass lookup plugins by default. #1501

Closed chrillep closed 1 year ago

chrillep commented 1 year ago

Summary

We use 1pass to fetch vault_pass string and store it to file. If we could skip this step it would be "one less" thing to have to handle.

With that said. I would love if Trellis would provide an out of the box solution to handling vault_pass "not on file".

swalkinshaw commented 1 year ago

I don't think there's anything Trellis needs to do here. Trellis defaults to Ansible's default which is a .vault_pass file. You can easily edit the Ansible config file to specify a custom vault pass which can also be a shell script!

Here's a good tutorial I found: https://www.inetsix.net/posts/Ansible-vault-1password/

chrillep commented 1 year ago

> I don't think there's anything Trellis needs to do here. Trellis defaults to Ansible's default which is a .vault_pass file. You can easily edit the Ansible config file to specify a custom vault pass which can also be a shell script!
>
> Here's a good tutorial I found: https://www.inetsix.net/posts/Ansible-vault-1password/

Yeah sorry! I'm really not connecting the dots here. Brain 🧠 not firing good this morning.

step

  1. set ansible.cfg > vault_password_file to ...

But I get you don't want to stray from the defaults.

swalkinshaw commented 1 year ago

> set ansible.cfg > vault_password_file to

vault_password_file=ansible_vault_1p_password

ansible_vault_1p_password is a shell script (in your $PATH somewhere) which uses the 1p CLI to get the password.

> But I get you don't want to stray from the defaults.

We use the defaults to make it easier for people with a use case like one to follow Ansible's docs and standard ways of customization 😄
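
An added example, not code from this thread or from the Trellis project, of the kind of vault password script described in the comment above. It assumes the 1Password CLI v2 `op read` command is installed and signed in; the `VAULT_PASS_REF` variable and the secret reference `op://Private/trellis-vault-pass/password` are placeholders.

```shell
#!/bin/sh
# ansible_vault_1p_password: vault password client script (added example).
# ansible.cfg:  vault_password_file = ansible_vault_1p_password
# When that file is executable, Ansible runs it and uses its stdout as the
# vault password, so nothing is written to a .vault_pass file on disk.

# Assumed secret reference; vault, item and field names are placeholders.
: "${VAULT_PASS_REF:=op://Private/trellis-vault-pass/password}"

# Print the vault password on stdout and diagnostics on stderr only.
# Returns non-zero when the lookup fails or yields an empty value, so
# Ansible stops instead of trying to decrypt with a blank password.
get_vault_pass() {
  if ! pass=$(op read "$VAULT_PASS_REF"); then
    echo "vault pass: 'op read' failed (not signed in, or wrong reference)" >&2
    return 1
  fi
  if [ -z "$pass" ]; then
    echo "vault pass: 1Password returned an empty value" >&2
    return 1
  fi
  printf '%s\n' "$pass"
}

# Run the lookup only when installed under the name used in ansible.cfg.
case "${0##*/}" in
  ansible_vault_1p_password) get_vault_pass || exit 1 ;;
esac
```

The script has to be marked executable (`chmod +x`); otherwise Ansible reads the file's contents as the password instead of running it.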