Ansible vault encrypts files, and it should encrypt values instead.

[gtmtech]

Issue Type: - Feature Idea

Ansible Version: All versions

Ansible Configuration: N/A

Environment: N/A

Summary: N/A

Ansible vault encrypts files. It should instead encrypt values in key/value pairs, within an overall yml structure.
By encrypting values in key/value pairs, this makes the secret files readable, understandable, searchable, they maintain their data structure in a readable format which makes them (most importantly) git-diffable, whilst still keeping secrets safe. There are so many advantages to the encrypting by value approach.

In the puppet world, hiera-gpg did the same, and hiera-eyaml then took over with value encryption instead. Now most people use hiera-eyaml because this approach is far more user-friendly.

I believe chef encrypted data bags also used the encrypt-by-value approach.

[ozbillwang]

+1. I am looking for the same feature as well.

[alikins]

@gtmtech @SydOps Take a look at the pr #16274

Thats a proposed implementation of vault encrypted values in yaml files.

[ozbillwang]

@alikins

Nice job, it has been merged.

[ansibot]

@gtmtech Greetings! Thanks for taking the time to open this issue. In order for the community to handle your issue effectively, we need a bit more information.

Here are the items we could not find in your description:

• component name

Please set the description of this issue with this template:
https://raw.githubusercontent.com/ansible/ansible/devel/.github/ISSUE_TEMPLATE.md

click here for bot help

[ansibotdev]

@gtmtech You have not responded to information requests in this issue so we will assume it no longer affects you. If you are still interested in this, please create a new issue with the requested information.

click here for bot help