Allow Ansible Vault-protected vars to be used with dynamic inventory

[bkeroackdsc]

Issue Type: Feature Idea

Ansible Version: 1.7.2

Environment: N/A

Summary:

Currently Ansible Vault can only be used with static files on disk within a playbook tree.

Dynamic inventory scripts push out group_vars and host_vars as part of the inventory definition (in JSON format). However there's no way to store and transmit AV-protected items there (you would have to implement the encryption/decryption logic yourself outside of Ansible).

We're using a hybrid approach right now where virtually all variables are stored and delivered by the dynamic inventory script, but we also have a handful of AV-protected global group_vars on disk within the playbook tree. It would be great if we could migrate those to the dynamic inventory system as well.

Steps To Reproduce:

1. Create new JSON convention for Ansible Vault items
2. Allow items to be seamlessly decrypted during playbook runs.

Expected Results:

Actual Results:

[dalcouffe]

+1 to this idea. We are doing the same.

[jimi-c]

Switch to Proposal

Hi!

As of April of 2016, we have started using the Ansible Proposal process for large feature ideas or changes in current functionality, such as this. Because this issue has been open for so long without any action, we are going to go ahead and close it at this time. If you are still interested in seeing this new feature get into Ansible, please submit a proposal for it using this process.

https://github.com/ansible/proposals/blob/master/proposals_process_proposal.md

If you have any further questions, please let us know by stopping by our devel mailing list, or our devel IRC channel:

• #ansible-devel on Freenode
• https://groups.google.com/forum/#!forum/ansible-devel

Thank you!