Read vault password from bitwarden instead of filesystem

https://theorangeone.net/posts/ansible-vault-bitwarden/
2021-12-20 17:25:18 +00:00 · 2021-12-20 17:25:18 +00:00 · 9e473265a5
commit 9e473265a5
parent b50659ab5d
5 changed files with 6 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -112,7 +112,6 @@ dmypy.json
 # End of https://www.gitignore.io/api/python,ansible
 env/
 ansible/.vault_pass
 ansible/galaxy_roles
 ansible/galaxy_collections
--- a/README.md
+++ b/README.md
@ -15,7 +15,7 @@
 ### Private Settings
-The ansible vault password needs setting in `ansible/.vault_pass`.
+Ansible [integrates](https://theorangeone.net/posts/ansible-vault-bitwarden/) with Bitwarden through its [CLI](https://bitwarden.com/help/article/cli/).
 Terraform configuration needs to be placed in `terraform/secrets.auto.tfvars`.
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@ -7,6 +7,7 @@ collections_path = $PWD/galaxy_collections
 inventory = ./hosts
 become_ask_pass = True
 interpreter_python = auto
 vault_password_file = ./vault-pass.sh
 [ssh_connection]
 pipelining = True
--- a/ansible/vault-pass.sh
+++ b/ansible/vault-pass.sh
@ -0,0 +1,3 @@
 #!/bin/sh
 bw get password infrastructure
--- a/scripts/ansible/deploy.sh
+++ b/scripts/ansible/deploy.sh
@ -4,4 +4,4 @@ set -ex
 cd ansible/
-time ansible-playbook main.yml -K --vault-password-file .vault_pass $@
+time ansible-playbook main.yml -K $@
`@ -4,4 +4,4 @@ set -ex`

	`cd ansible/`	`cd ansible/`

	`time ansible-playbook main.yml -K --vault-password-file .vault_pass $@`	`time ansible-playbook main.yml -K $@`