It does make sense to store secrets in an encrypted vars file.
One downside of this approach is that the var names in that file also
go under the radar.
So hard to find in git commits etc because the entire file is encrypted.
It you just have one or two secrets then I'd use inline encrypted vars:https://docs.ansible.com/ansible/latest/user_guide/vault.html#use-encrypt-string-to-create-encrypted-variables-to-embed-in-yaml
I find this especially useful for structured vars like dicts or lists
that only contain one or two secrets.
On 24 July 2018 at 19:22, <[EMAIL PROTECTED]> wrote:
To post to this group, send email to [EMAIL PROTECTED].