How to decrypt a single encrypted variable inside a Jinja2 template file in Ansible

In a directory there is a file named myFile.properties.j2, which is used by a task of one of the roles the playbook uses.

File contents:

my.super.pwd=nope
my.otherSuper.pwd= !vault |
$ANSIBLE_VAULT;1.1;AES256
38663664363362333264343934373066623330373736646232663337353062383731346234363937
3131633062366462643261323333303438333330343231370a626639333066303562373964633035
30653433303165333734386131353861366637393430636364386439386666363331656330393830
3961666132396561350a326266633462653335626466623464316461313061373532633136353734
30613030363837333833656239626236323036356265313435636232633031323432626338663838
33663135346364316135386239663063623363656661643635353032636365663464356235396466
663633333832623963393334633666383964
and.antoher= !vault |
$ANSIBLE_VAULT;1.1;AES256
38663664363362333264343934373066623330373736646232663337353062383731346234363937
3131633062366462643261323333303438333330343231370a626639333066303562373964633035
30653433303165333734386131353861366637393430636364386439386666363331656330393830
3961666132396561350a326266633462653335626466623464316461313061373532633136353734
30613030363837333833656239626236323036356265313435636232633031323432626338663838
33663135346364316135386239663063623363656661643635353032636365663464356235396466
663633333832623963393334633666383964
another.pwd.net=nope
and.another.pwd=nope

The task that uses it:

- name: "Template the secrets files"
  template:
    src: "{{ item.src }}"
    dest: "{{ somewhere }}/{{ item.path | basename | regex_replace('.j2$', '') }}"
    force: true
    mode: '0440'
    owner: "{{ somebody }}"
    group: root
  with_filetree: "{{ some_dir }}"
  when: item.state == 'file'

The problem is that once the playbook has run, the file is left as it is and none of the secrets get decrypted.

Any ideas?

If I vault the whole file it works fine, but when I try to vault only the variables it doesn't work and the file stays unchanged.

Ansible decrypts all variables by itself, you don't need to do it, but you have to keep the secrets in Ansible Vault in Ansible files that support encrypted values (vars, plays, tasks).
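The layout the answer describes, as an added example that is not part of the question or the answer above. The `!vault` tag is only recognised by Ansible's YAML loader, so it works in a vars file, play or task, but the template module reads a .j2 file as plain text and Jinja2 never sees a YAML tag; whole-file vaulting works because a fully encrypted file is decrypted by the file loader before rendering. The role name, paths, host group, owner and destination below are assumptions, and the ciphertext lines are placeholders to be replaced by the output of `ansible-vault encrypt_string`. Because dots are not allowed in Ansible variable names, the properties keys are mapped to underscore names and the template carries the `key=` part itself.

```yaml
# --- roles/secrets/vars/main.yml (assumed path) ---
# Ansible parses this file as YAML, so the !vault tag is honoured and the
# value is decrypted transparently when the variable is rendered.
# Produce each value with the real CLI (the secret here is an example):
#   ansible-vault encrypt_string --ask-vault-pass 'real-password' --name 'my_other_super_pwd'
# and paste the printed YAML here. The hex lines below are placeholders.
my_super_pwd: nope
my_other_super_pwd: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  <paste the ciphertext lines printed by ansible-vault encrypt_string here>
and_another: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  <paste the ciphertext lines printed by ansible-vault encrypt_string here>
another_pwd_net: nope
and_another_pwd: nope

# --- roles/secrets/templates/myFile.properties.j2 (assumed path) ---
# Plain Jinja2, no !vault syntax at all: the template only references the
# variables above, which arrive already decrypted. Its content is:
#
#   my.super.pwd={{ my_super_pwd }}
#   my.otherSuper.pwd={{ my_other_super_pwd }}
#   and.another={{ and_another }}
#   another.pwd.net={{ another_pwd_net }}
#   and.another.pwd={{ and_another_pwd }}

# --- site.yml (assumed) ---
- hosts: app_servers                      # assumed inventory group
  vars_files:
    - roles/secrets/vars/main.yml
  tasks:
    - name: "Template the secrets files"
      template:
        src: roles/secrets/templates/myFile.properties.j2
        dest: /etc/app/myFile.properties  # assumed destination
        owner: app                        # assumed owner
        group: root
        mode: '0440'
      no_log: true    # keep the decrypted values out of task output and -v logs
      diff: false     # otherwise --diff prints the rendered secrets to the console
```

Run it with `ansible-playbook site.yml --ask-vault-pass` (or `--vault-id label@prompt` / `--vault-password-file` when the values were encrypted with a vault id). `no_log` and `diff: false` are worth keeping on any task that renders secrets: the file mode protects the rendered file on the target, but without them the plaintext still shows up in the controller's output whenever the task is run with `--diff` or verbosity.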
