I wanted to use the macOS keychain with Ansible vault and tried the method in Jeff Ramnani's post.
For me, though, declaring `vault_password_file` in a user Ansible config file didn't work. I'm using `ansible.cfg` files in the directories of different projects, and due to Ansible's precedence, my user config file is being ignored.
The solution was to pass `vault_password_file` into Ansible using the `ANSIBLE_VAULT_PASSWORD_FILE` environment variable.
Here's the technique:
- As in Jeff's post:
  - Create a keychain item that contains the password.
  - Create your executable vault password script.
- However, you do not need to edit `.ansible.cfg` or other Ansible config files.
- In your `ANSIBLE_VAULT_PASSWORD_FILE` to the path of the password script. Of course, if you're using another shell, define the environment variable as appropriate for that shell.
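
The password script and the environment variable from the steps above, as an added example (not code from this post or from Jeff's post). The keychain service name `ansible-vault`, the file name `vault-pass.sh`, its path under `$HOME/bin`, and the `script_is_safe` helper are assumptions made for illustration.

```shell
#!/bin/sh
# vault-pass.sh (hypothetical name): prints the Ansible vault password
# stored in the macOS keychain. Ansible runs an executable vault password
# file and uses its stdout as the password.
#
# Assumed keychain item, created once (prompts for the password):
#   security add-generic-password -a "$USER" -s ansible-vault -w
#
# Assumed line in the shell's startup file (path is hypothetical):
#   export ANSIBLE_VAULT_PASSWORD_FILE="$HOME/bin/vault-pass.sh"

# Absolute path so a rogue "security" earlier in PATH is never picked up.
SECURITY_BIN="${SECURITY_BIN:-/usr/bin/security}"
KEYCHAIN_SERVICE="${KEYCHAIN_SERVICE:-ansible-vault}"   # assumed item name

# Print the password, or fail without output if the lookup fails or the
# item is empty, so Ansible never proceeds with a blank password.
vault_password() {
    pw=$("$SECURITY_BIN" find-generic-password \
            -a "${USER:-$(id -un)}" -s "$KEYCHAIN_SERVICE" -w 2>/dev/null) \
        || return 1
    [ -n "$pw" ] || return 1
    printf '%s\n' "$pw"
}

# Return 0 only if the script at $1 exists, is executable, and is not
# writable by group or others (anyone who can edit it can capture the
# vault password the next time Ansible runs it).
script_is_safe() {
    [ -f "$1" ] && [ -x "$1" ] || return 1
    [ -z "$(find "$1" \( -perm -020 -o -perm -002 \))" ]
}

# Act as the password script only when invoked under the installed name;
# otherwise the functions above are just definitions.
case "${0##*/}" in
    vault-pass.sh) vault_password || exit 1 ;;
esac
```

Running `script_is_safe "$ANSIBLE_VAULT_PASSWORD_FILE"` before the first `ansible-vault` call confirms the variable points at an executable that only you can modify.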