Tags: vagrant, ansible, vagrant-provision, ansible-vault

Pass vault password to Vagrant's ansible_local provisioner


I'm using the ansible_local provisioner for my Vagrant box. Some of my variables should be stored in a vault file.

While the ansible provisioner provides ask_vault_pass as a configuration option (https://www.vagrantup.com/docs/provisioning/ansible.html#ask_vault_pass), the ansible_local provisioner does not.

Is there any workaround?


Solution

  • You can use the vault_password_file option.

    1. Echo to a password file

    Vagrant.configure(2) do |config|
      config.vm.box = '...'
    
      # Write the vault password to a file inside the guest
      config.vm.provision :shell, inline: "echo 'password' > /tmp/vault_pass"
    
      config.vm.define :controller do |machine|
        # ...
    
        machine.vm.provision 'ansible_local' do |ansible|
          # ...
          ansible.vault_password_file = "/tmp/vault_pass"
          # ...
        end
      end
    end
    

    2. Use synced_folder

    Create a vault_pass file, like the following.

    mkdir provision
    cd provision
    echo password > vault_pass
    

    And the Vagrantfile is as follows.

    Vagrant.configure(2) do |config|
      config.vm.box = '...'
    
      # Mount ./provision (containing vault_pass) into the guest at /provision
      config.vm.synced_folder "./provision", "/provision", id: "ansible", owner: "vagrant", group: "vagrant", mount_options: ["dmode=775,fmode=664"]
    
      config.vm.define :controller do |machine|
        # ...
    
        machine.vm.provision 'ansible_local' do |ansible|
          # ...
          ansible.vault_password_file = "/provision/vault_pass"
          # ...
        end
      end
    end
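
Both options above keep the vault password in plaintext on the host (in the Vagrantfile, or in a synced file mounted with fmode=664). The following variant of option 1 is an added example, not part of the original answer: it takes the password from a host environment variable and writes it to an owner-only file in the guest. The variable name ANSIBLE_VAULT_PASS, the helper vault_pass_script and the playbook name are assumptions.

```ruby
require 'shellwords'

# Hypothetical helper (not from the original answer): returns a guest-side
# script that writes $VAULT_PASS to `path`, readable by its owner only.
def vault_pass_script(path)
  file = Shellwords.escape(path)
  <<~SH
    set -eu
    rm -f #{file}    # never reuse a stale password file
    [ -n "${VAULT_PASS:-}" ] || { echo 'vault password not provided' >&2; exit 1; }
    umask 077        # the new file is created with mode 0600
    printf '%s\\n' "$VAULT_PASS" > #{file}
  SH
end

if defined?(Vagrant) # skipped when this file is loaded outside Vagrant
  vault_file = '/tmp/vault_pass' # same guest path as option 1 above

  Vagrant.configure(2) do |config|
    config.vm.box = '...'

    # ANSIBLE_VAULT_PASS is an assumed host environment variable name.
    # An unset variable is passed as '' so that other vagrant commands still
    # load the Vagrantfile; the guest script then fails the provisioning run.
    # privileged: false makes the unprivileged SSH user own the file, not root.
    config.vm.provision :shell,
      inline: vault_pass_script(vault_file),
      env: { 'VAULT_PASS' => ENV.fetch('ANSIBLE_VAULT_PASS', '') },
      privileged: false

    config.vm.provision 'ansible_local' do |ansible|
      ansible.playbook = 'playbook.yml' # constructed playbook name
      ansible.vault_password_file = vault_file
    end

    # Runs only if the Ansible step succeeded; a failed run leaves the file.
    config.vm.provision :shell,
      inline: "rm -f #{Shellwords.escape(vault_file)}",
      privileged: false
  end
end
```

Run it with the variable set on the host for that invocation only, so the password is stored neither in the Vagrantfile nor in the project directory.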