Unable to test from current location but do you need to delegate_to for this?
On Tue, May 28, 2024 at 7:23 AM Dick Visser <dnmvis...@gmail.com> wrote: > > > On Tue, 28 May 2024 at 15:17, Dick Visser <dnmvis...@gmail.com> wrote: > >> >> This seems to work, and because ansible.cfg contains the right >> information (vault_identity_list, vault_encrypt_identity) the encrypted >> content looks good, when I'm debugging. >> But the actual file contents are plain text again. It seems the copy >> module decrypts the encrypted content again? How can I force the content to >> NOT be decrypted? >> > > To quickly answer my own question: there is a decrypt parameter: > https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html#parameter-decrypt > I had never noticed that 🤡 > > So the first task does work now. > > Still my other question remains: > > >> Another approach is the vault filter, which seems to be a bit cleaner. I >> thought this would do the trick: >> >> - name: save token >> ansible.builtin.copy: >> content: "{{ token | ansible.builtin.vault }}" >> dest: /tmp/out2 >> mode: 0600 >> >> But that didn't work, the filter insists on an actual secret value. I >> then must do a separate lookup for the ansible vault password. But the >> vault password file can also be an executable that sends the secret to >> stdout. I don't want to have to implement that logic myself. >> >> Is there a way for the ansible.builtin.vault filter to use the >> vault_identity_list and vault_encrypt_identity that are in ansible.cfg? >> > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ansible-project+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAF8BbLYAsqbxCdZf8CU51%3DjCw5MJT-rwg%3DYweT7R%2BU6n4kAMLg%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAF8BbLYAsqbxCdZf8CU51%3DjCw5MJT-rwg%3DYweT7R%2BU6n4kAMLg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- - Andrew "lathama" Latham - -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2Bqj4S890JNmisy6LkoHkJN8RA1_neDHmCL1XP0e7EwRm-Gx7w%40mail.gmail.com.
