Story
Resolution: Done
Minor
RH294 - RHEL9.0-en-1-20221012, RH294 - RHEL 8.4 1 20210818, RH294 - RHEL 8 1 20190531
None
3
Section: Managing Secrets
Language: en-US (English)
Description: There is no example in the book showing how to create vault-ids, only how to use them. During a T3 delivery, this came up as the first thing.
As part of experimentation, I took the GE: Managing Secrets exercise and the man pages/usage to create my own test of creating a vault-id.
Initially keyed it with a DEV key:
[student@workstation data-secret]$ ansible-vault rekey --vault-id dev@prompt secret.yml
Vault password (dev):
New Vault password:
Confirm New Vault password:
Rekey successful
Then changed it to an OPS key:
[student@workstation data-secret]$ ansible-vault rekey --vault-id ops@prompt secret.yml
Vault password (ops):
New Vault password:
Confirm New Vault password:
Rekey successful
Then by accident stumbled upon ...
From this example, it is clear that I specified the dev vault-id even though one would think it was the OPS vault-id.
[student@workstation data-secret]$ ansible-playbook --vault-id dev@prompt create_users.yml
Vault password (dev):
PLAY RECAP *********************************************************************
servera.lab.example.com : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
So the question is: how does this work? Can we get an instructor tip? Can we get the book updated with a better usage example and explanation of this?
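
Added example (not part of the original report or the course material): a simplified Python model of how the label given to `--vault-id` relates to the header line of an encrypted file and to Ansible's `vault_id_match` setting. The function names and sample headers are constructed for illustration, and the selection order models the documented behaviour rather than reproducing Ansible's own code.

```python
# Added illustration: the header layout and the vault_id_match option are
# Ansible's; the function names and sample headers below are constructed.

SAMPLE_LABELLED = "$ANSIBLE_VAULT;1.2;AES256;ops"   # constructed sample
SAMPLE_UNLABELLED = "$ANSIBLE_VAULT;1.1;AES256"     # constructed sample


def parse_vault_header(first_line):
    """Return (format_version, cipher, label); label is None for 1.1 files."""
    parts = first_line.strip().split(";")
    if parts[0] != "$ANSIBLE_VAULT" or len(parts) < 3:
        raise ValueError("not an Ansible Vault header")
    label = parts[3] if len(parts) > 3 else None
    return parts[1], parts[2], label


def secrets_to_try(file_label, supplied_labels, vault_id_match=False):
    """Order in which the supplied vault-ids are tried against one file.

    A file without a label is treated as carrying the label 'default'.
    With vault_id_match off (the default) the label is only a hint: a
    matching secret is tried first, then every other supplied secret.
    With vault_id_match on, only secrets with a matching label are tried.
    """
    wanted = file_label or "default"
    matching = [name for name in supplied_labels if name == wanted]
    if vault_id_match:
        return matching
    return matching + [name for name in supplied_labels if name != wanted]


if __name__ == "__main__":
    for header in (SAMPLE_LABELLED, SAMPLE_UNLABELLED):
        version, cipher, label = parse_vault_header(header)
        print(header, "-> label:", label)
        # A 'dev' secret is still tried against either file by default,
        # so the right password works whatever label is typed.
        print("  default  :", secrets_to_try(label, ["dev"]))
        print("  enforced :", secrets_to_try(label, ["dev"], True))
```

The first line of `secret.yml` shows which label, if any, the file actually carries. On `ansible-vault rekey`, `--vault-id` names the current secret and `--new-vault-id` sets the label for the new one.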