Open apentori opened 1 month ago
The cache would obviously have to be encrypted, for example with a GPG public key.
I can see at least 3 ways to do this:
/tmp
and is attached to its parent Ansible process.
/tmp
and time-based, old versions removed.

In general I'm leaning towards the temporary approach, but we can start with a simple permanent solution in user home and go from there to develop a good temporary approach. The issue with the temporary approach is that you probably can't tell which Ansible call to the lookup plugin is the last in a given Ansible run.
In order to make the lookup plugin faster, it could be cool to add a cache to store the secret object during the playbook execution in order to reduce the number of calls to vault.