Ansible Vault - Slightly better example? #256
Description
To show how you can take a playbook that has a plaintext API key and encrypt it with vault, maybe a playbook that runs on localhost and just echoes the API_KEY. Start with it unencrypted, then encrypt (similar to current playbook, but actually runnable on the host machine):
---
- hosts: localhost
connection: local
gather_facts: no
vars_files:
- vars/api_key.yml
tasks:
- name: Echo the API key which was injected into the env.
shell: echo $API_KEY
environment:
API_KEY: "{{ myapp_api_key }}"
register: echo_result
- name: Show the result.
debug: var=echo_result.stdoutAnd in vars/api_key.yml:
---
myapp_api_key: "l9bTqfBlbXTQiDaJMqgPJ1VdeFLfId98"