Ansible vault wrapping script with GPG
I was trying to find the most secure way of using Ansible Vault in a Docker env, and the option of keeping the password as plain text in a file seems not so good, so I saw a post about protecting the plain-text file with gpg. Now it all works great, except that the gpg file is asking for its password randomly, and it is in a Docker container, so it does not help :(
Here is how I set this up:

gpg-wrapper.sh -
```sh
#!/bin/sh
# Decrypt the GPG-protected vault password and print it on stdout for Ansible
VAULT_PW_FILENAME="/base/vaults/vault.gpg"
gpg --quiet --batch --use-agent --decrypt "$VAULT_PW_FILENAME"
```
ansible.cfg -
```ini
[defaults]
vault_password_file = /base/vaults/gpg-wrapper.sh
```
encrypted like this:
```sh
gpg -c vault  # which created the vault.gpg file
```
Is there another way to do this? A better one? Or a way to make gpg ask for the password only once? Thanks!
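
A fail-closed variant of the wrapper above, added here as an example and not part of the original post: when gpg-agent cannot supply the passphrase, it exits with an error instead of waiting on a prompt that nobody can answer inside a container, and it never hands Ansible an empty password. It assumes GnuPG 2.1 or later for `--pinentry-mode`; the function name `read_vault_password`, the overridable `VAULT_PW_FILE` and `GPG_BIN` variables, and the exit codes are choices made for this example.

```sh
#!/bin/sh
# Added example: fail-closed version of the page's gpg-wrapper.sh.
# VAULT_PW_FILE and GPG_BIN are overridable (assumption made for this example).
VAULT_PW_FILE="${VAULT_PW_FILE:-/base/vaults/vault.gpg}"
GPG_BIN="${GPG_BIN:-gpg}"

read_vault_password() {
    # Refuse to continue if the encrypted password file is missing or unreadable.
    if [ ! -r "$VAULT_PW_FILE" ]; then
        echo "gpg-wrapper: cannot read $VAULT_PW_FILE" >&2
        return 2
    fi
    # --pinentry-mode error: never prompt; fail if the agent has no passphrase.
    # --no-tty: do not try to use a terminal, which a container may not have.
    pw=$("$GPG_BIN" --quiet --batch --no-tty --pinentry-mode error \
            --decrypt "$VAULT_PW_FILE" 2>/dev/null) || {
        echo "gpg-wrapper: decryption failed (no passphrase available?)" >&2
        return 3
    }
    # An empty result must not be passed on as the vault password.
    if [ -z "$pw" ]; then
        echo "gpg-wrapper: decrypted password is empty" >&2
        return 4
    fi
    printf '%s\n' "$pw"
}

# Run only when installed under the name used in ansible.cfg.
case "${0##*/}" in
    gpg-wrapper.sh) read_vault_password ;;
esac
```

How long gpg-agent keeps a passphrase cached is controlled by `default-cache-ttl` and `max-cache-ttl` in `gpg-agent.conf`.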
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
