Update vault docs for client scripts, multiple keys and misc #43993
Update the ansible-vault docs to explain the special handling of -client scripts which are passed the vault id.
Also update the ansible-playbook docs of vault to prefer --vault-id and indicate that multiple keys are supported.
The switch to vault-id is based on the main ansible-vault docs indicating that's the preferred option. I'd particularly like confirmation that this is preferred as personally I'd argue in favour of preferring ask-vault-pass/vault-password-file over vault-id when only a single key is in use since the vault-id syntax is confusing when the vault is not named.
I'm trying to work out the status of the single vault options to make sure the tone and guidance is consistent between the two pieces of documentation. Are they:
I gathered from the vault documentation that the state was 3, but if I've misunderstood that I'll update both docs to reflect the state.
If the state is 3 I'll just update the doc to be clearer that they still work but are discouraged.
Aug 14, 2018
Aug 18, 2018
Based on discussion in the IRC chat it seems --ask-vault-pass and --vault-password-file are preferable when there's only a single password in use.
So latest commits rework both the vault and playbook documentation to be consistent that:
Then add the documentation of the client scripts in the context of that.
To make this read better I've moved the Vault Ids and Multiple Vault Password section of the vault docs to the top with the rest of the concepts so vault ids are introduced early before the examples of using them.
Thanks for the documentation update, @orthanc, around using multiple
I have not tested all the approaches described in this PR, but assuming that they are all correct, I'd say this PR is an improvement. Take care of the typos and it gets a thumbs-up from me.
I've fixed the typos and removed the two explicit note boxes about support being added in 2.4.
There are a number of other references to 2.3, 2.4 or even 2.1 remaining in these two files, but replacing all of those requires a bit more re-writing so I'd prefer to do that in a subsequent PR.
Similarly I think @dglinder's suggestion of clarifying creation of multiple vaults would also be better in a subsequent PR as it will likely open a best practice / preference discussion. There's pretty reasonable overlap with the sections that need version numbers removed so I'll likely tackle both of these as one PR.