From 8999b98a098d48188ec878f48845f03e4f26bbd5 Mon Sep 17 00:00:00 2001 From: Ron V Date: Fri, 1 Sep 2017 14:56:51 -0700 Subject: [PATCH] Update playbooks_best_practices.rst (#26714) fix point of confusion for newer users --- docs/docsite/rst/playbooks_best_practices.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docsite/rst/playbooks_best_practices.rst b/docs/docsite/rst/playbooks_best_practices.rst index 4ad406cb23..3939e38c3a 100644 --- a/docs/docsite/rst/playbooks_best_practices.rst +++ b/docs/docsite/rst/playbooks_best_practices.rst 
@@ -473,7 +473,7 @@ Variables and Vaults For general maintenance, it is often easier to use ``grep``, or similar tools, to find variables in your Ansible setup. Since vaults obscure these variables, it is best to work with a layer of indirection. When running a playbook, Ansible finds the variables in the unencrypted file and all sensitive variables come from the encrypted file. -A best practice approach for this is to start with a ``group_vars/`` subdirectory named after the group. Inside of this subdirectory, create two files named ``vars`` and ``vault``. Inside of the ``vars`` file, define all of the variables needed, including any sensitive ones. Next, copy all of the sensitive variables over to the ``vault`` file and prefix these variables with ``vault_``. You should adjust the variables in the ``vars`` file to point to the matching ``vault_`` variables and ensure that the ``vault`` file is vault encrypted. +A best practice approach for this is to start with a ``group_vars/`` subdirectory named after the group. Inside of this subdirectory, create two files named ``vars`` and ``vault``. Inside of the ``vars`` file, define all of the variables needed, including any sensitive ones. Next, copy all of the sensitive variables over to the ``vault`` file and prefix these variables with ``vault_``. You should adjust the variables in the ``vars`` file to point to the matching ``vault_`` variables using jinja2 syntax, and ensure that the ``vault`` file is vault encrypted. This best practice has no limit on the amount of variable and vault files or their names.
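Review bot: In the added sentence ("point to the matching ``vault_`` variables using jinja2 syntax"), the phrase names the mechanism but does not show it, so a newer user still has to guess what the reference looks like. Suggest adding a short inline example such as ``db_password: "{{ vault_db_password }}"`` (variable name illustrative only), and capitalizing the name as "Jinja2". Because the same paragraph has readers first define the sensitive variables in ``vars`` and then copy them to ``vault``, it would also help to state outright that the plaintext values in ``vars`` are replaced by these references, so that no secret is left in the unencrypted file.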