mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Remove misleading statement passwords must be same (#49798)
* Remove misleading statement passwords must be same Since 2.4 Ansible has supported multiple vault passwords: <https://docs.ansible.com/ansible/latest/user_guide/vault.html#multiple-vault-passwords> Meaning lines like the following are misleading: > The password used with vault currently must be the same for all files you wish > to use together at the same time. -- `docs/docsite/rst/user_guide/vault.rst` To demonstrate this with Ansible 2.7, save the following as `example.yaml`: ``` - name: Display output from two vaults with different passwords hosts: localhost connection: local vars_files: [one.yaml, two.yaml] tasks: - name: View secret from one.yaml vault debug: { var: one } - name: View secret from two.yaml vault debug: { var: two } ``` Then run the three following commands choosing two different passwords: ``` $ echo 'one: 1' | ansible-vault encrypt --vault-id id1@prompt --output=one.yaml $ echo 'two: 2' | ansible-vault encrypt --vault-id id2@prompt --output=two.yaml $ ansible-playbook --vault-id id1@prompt --vault-id id2@prompt example.yaml ``` `ansible-vault` stores an ID in plain text in the vault file. * Remove note about default in Ansible 2.1 As requested by gundalow in https://github.com/ansible/ansible/pull/49798
This commit is contained in:
parent
2e1dd27703
commit
7fbacf920d
2 changed files with 1 additions and 5 deletions
|
@ -38,9 +38,7 @@ To create a new encrypted data file, run the following command:
|
||||||
|
|
||||||
ansible-vault create foo.yml
|
ansible-vault create foo.yml
|
||||||
|
|
||||||
First you will be prompted for a password. The password used with vault currently must be the same for all files you wish to use together at the same time.
|
First you will be prompted for a password. After providing a password, the tool will launch whatever editor you have defined with $EDITOR, and defaults to vi. Once you are done with the editor session, the file will be saved as encrypted data.
|
||||||
|
|
||||||
After providing a password, the tool will launch whatever editor you have defined with $EDITOR, and defaults to vi (before 2.1 the default was vim). Once you are done with the editor session, the file will be saved as encrypted data.
|
|
||||||
|
|
||||||
The default cipher is AES (which is shared-secret based).
|
The default cipher is AES (which is shared-secret based).
|
||||||
|
|
||||||
|
|
|
@ -30,8 +30,6 @@ class VaultCLI(CLI):
|
||||||
|
|
||||||
Because Ansible tasks, handlers, and other objects are data, these can also be encrypted with vault.
|
Because Ansible tasks, handlers, and other objects are data, these can also be encrypted with vault.
|
||||||
If you'd like to not expose what variables you are using, you can keep an individual task file entirely encrypted.
|
If you'd like to not expose what variables you are using, you can keep an individual task file entirely encrypted.
|
||||||
|
|
||||||
The password used with vault currently must be the same for all files you wish to use together at the same time.
|
|
||||||
'''
|
'''
|
||||||
|
|
||||||
VALID_ACTIONS = frozenset(("create", "decrypt", "edit", "encrypt", "encrypt_string", "rekey", "view"))
|
VALID_ACTIONS = frozenset(("create", "decrypt", "edit", "encrypt", "encrypt_string", "rekey", "view"))
|
||||||
|
|
Loading…
Reference in a new issue