PTL-5272

RH294-163: ansible-vault can be very useful for encrypting whole files.


    • Story
    • Resolution: Done
    • Major
    • AU294 - RHAAP2.X NEXT
    • RH294 - RHEL9.0-en-1-20221012, RH294 - RHEL 8.4 1 20210818, RH294 - RHEL 8 1 20190531
    • RH294
    • None
    • 3
    • en-US (English)

      Language: en-US (English)

      Description: ansible-vault can be very useful to encrypt/decrypt whole files. What we should show in the course are some real-world examples, like how to securely keep and distribute certificate/private key files.

      Most Ansible modules that deal with files support the decrypt parameter. That allows us to keep encrypted files and distribute them to managed hosts in decrypted form.

      We should just use the copy module for that, because it is what we have already used, but we should mention that we have that option in other modules.

      i.e. playbook:

      - name: Testing vault encryption
        hosts: localhost
        gather_facts: no
        tasks:
      
        - name: Test encrypted copy
          copy:
            src: encrypted.txt
            dest: /tmp/decrypted-copy_with_decrypt.txt
            decrypt: true 

      and show them the output of
      ansible-doc unarchive

       - decrypt
         This option controls the autodecryption of source files using vault.
         [Default: True]
         type: bool
         version_added: 2.4 

      and/or ansible-doc script

      Might be good to show them that we can even encrypt the playbook itself (it doesn't make too much sense), but show how powerful it is, and that is why we can use it with the template module and an encrypted template j2 file (just mention it, because we teach templates in later chapters).

              glsbugs-automation@redhat.com PTL - Ansible Team
              dpuchalak Dariusz Puchalak (Inactive)
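
The certificate/private key case the description asks for, sketched as an added example that is not part of the ticket or the course material. The host group `webservers`, the file names `server.crt` and `server.key`, the playbook name `deploy-tls.yml` and the destination paths are assumptions.

```yaml
# Added example; names and paths below are assumed, not from the ticket.
#
# Encrypt the private key once on the control node and keep only the
# encrypted file in version control:
#   ansible-vault encrypt server.key
# Run the play, supplying the vault password interactively:
#   ansible-playbook --ask-vault-pass deploy-tls.yml
- name: Distribute a TLS certificate and a vault-encrypted private key
  hosts: webservers
  become: true
  gather_facts: false
  tasks:

    - name: Install the certificate (public, stored unencrypted)
      ansible.builtin.copy:
        src: server.crt
        dest: /etc/pki/tls/certs/server.crt
        owner: root
        group: root
        mode: "0644"

    - name: Install the private key (stored vault-encrypted next to the playbook)
      ansible.builtin.copy:
        src: server.key
        dest: /etc/pki/tls/private/server.key
        owner: root
        group: root
        mode: "0600"    # the file is plaintext on the managed host, so restrict it
        decrypt: true   # the default, stated explicitly for the reader
      no_log: true      # keep key material out of task output (for example with --diff)
```

The key is decrypted on the control node and arrives on the managed host as plaintext, so the `owner` and `mode` settings on the destination are what protect it there.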