Allow usage of vault variables in inventory file

[danaelg]

It would be nice to be able to use vault variable in the inventory file to secure sensitve data (such as glpi_apptoken and glpi_usertoken)

It has been done on vmware plugin https://github.com/ansible-collections/community.vmware/issues/854 I'll try to take a look and do it by myself then create a PR.

[fmenabe]

It is already supported for authentication parameters! There is a comment at the end of this section and, just to be sure, I re-tested it:

$ vim exemples/glpi-api.yml
plugin: unistra.glpi.inv

glpi_url: https://xxxxxxxxxxx/apirest.php
glpi_apptoken: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  38316330313732333430383837393133663664643337333037303761356432326563303539363936
  3831643764366366636361346466363639623365633136640a306139363063636466326666363434
  30613535336231646362366163373837353334326435383832333163623232356531653735383736
  ...
glpi_usertoken: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  62626135646432323938323937653665326162303139313061626663396261653065373933336531
  3539616138376433343263336362373935373132653663350a396530396230366361613964653062
  ...
...
$ ansible -i exemples/glpi-api.yml all --list-hosts --vault-id @prompt

I looked at the code and I just cast to str authentication parameters. It works because the AnsibleVaultEncryptedUnicode.__str__ method returns the data attribute of the object (cf)

[danaelg]

Thanks for your reply. I've tested with a vault file and could not get it to work. As I didn't see the comment you mentioned, nor did I see any encrypted variables in the example files, I concluded that it was not possible.

As I always RTFM (better)... 😆

Sorry for the inconvenience

[fmenabe]

No problem. The example file was not containing any example with vaulted variable so there was only the small comment in the README! I'll update the example file with vaulted sample.