Ansible-vault不适用于--vault-password-file
[英]Ansible-vault doesn't work with --vault-password-file
问题描述
for some kind of yml files that we have to store passwords (of MySQL users) we use ansible-vault encrypt to maintain some security. 
对于某些我们必须存储(MySQL用户的)密码的yml文件,我们使用ansible-vault加密来保持一定的安全性。
The problem is every time we have to edit we are forced to input the password. 问题是每次我们必须进行编辑时,我们都必须输入密码。
I was looking how to fix this and seems is pretty easy but I couldn't make it work yet. 我一直在寻找解决方法,似乎很简单,但目前还无法完成。
I've created a file in my home directory called: 我在主目录中创建了一个文件:
.vault_pass.txt
inside of that, I have the password. 在里面,我有密码。 And in the ansible.cfg in my repository I have the variable: 在我的存储库中的ansible.cfg中,有变量:
vault_password_file = ~/.vault_pass.txt
Didn't work as expected. 没有按预期工作。 So I tried to force ansible-vault command to read the file with this parameter 所以我试图强制ansible-vault命令使用此参数读取文件
# ansible-vault decrypt --vault-password-file ~/.vault_pass.txt vars/vars-mysql-config.yml
Output error: 输出错误:
ERROR! input is not vault encrypted data for vars/vars-mysql-config.yml
It seems I forgot something here but I wasn't able to find the right info. 似乎我在这里忘记了一些东西,但是找不到正确的信息。
Anyone has any idea about that? 有人对此有任何想法吗?
Thanks guys! 多谢你们!
1 个解决方案
解决方案1
2 已采纳 2017-02-08 10:04:35
I guess you misuse decrypt command instead of view . 我猜你误用了decrypt命令而不是view 。
To view encrypted file use view : 要查看加密文件,请使用view :
ansible-vault view --vault-password-file ~/.vault_pass.txt vars/vars-mysql-config.yml
If you want to decrypt the file and leave it in plain text, use decrypt : 如果要解密文件并保留其纯文本格式,请使用decrypt :
ansible-vault decrypt --vault-password-file ~/.vault_pass.txt vars/vars-mysql-config.yml
If you try to run decrypt command second time, it will give you expected error: 如果您尝试第二次运行decrypt命令,它将给您预期的错误:
ERROR!
because file is already plain-texted. 因为文件已经是纯文本格式。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.