[Feature] Add command line parameter to pass Ansible Vault Password file
jleveque opened this issue
When running ansible-playbook, there exists a command line parameter, --vault-password-file, which allows one to pass the path of a file containing the password for decrypting Ansible-Vault-encrypted files (documentation here).
Pytest-Ansible needs to provide a similar command line argument in order to obtain secrets from Ansible-Vault-encrypted secrets files for the sake of parity.
This is also an issue for us and I would have time to implement it if that helps the project, as it currently blocks us from using the library. I think the proposal to keep the same command line arguments as the playbook is a good one. There are also other relevant parameters (see the list). The good thing about the design is that it follows the ideas you already have. We will double the --vault-password parameter with an --ansible-vault-password-file. For the implementation we have to extend the initialization of the ansible.parsing.dataloader.DataLoader object and connect it to the Vault. Would a pull request for this be accepted?
P.S. All the parameters which are now accepted by ansible-playbook:
ansible-playbook [-h] [--version] [-v] [-k]
                 [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER]
                 [-c CONNECTION] [-T TIMEOUT]
                 [--ssh-common-args SSH_COMMON_ARGS]
                 [--sftp-extra-args SFTP_EXTRA_ARGS]
                 [--scp-extra-args SCP_EXTRA_ARGS]
                 [--ssh-extra-args SSH_EXTRA_ARGS] [--force-handlers]
                 [--flush-cache] [-b] [--become-method BECOME_METHOD]
                 [--become-user BECOME_USER] [-K] [-t TAGS]
                 [--skip-tags SKIP_TAGS] [-C] [--syntax-check] [-D]
                 [-i INVENTORY] [--list-hosts] [-l SUBSET]
                 [-e EXTRA_VARS] [--vault-id VAULT_IDS]
                 [--ask-vault-pass | --vault-password-file VAULT_PASSWORD_FILES]
                 [-f FORKS] [-M MODULE_PATH] [--list-tasks]
                 [--list-tags] [--step] [--start-at-task START_AT_TASK]
                 playbook [playbook ...]
Closing as not planned because the same can be achieved using environment variables instead of cli arguments.
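
An added example, not part of the thread or of pytest-ansible's code: one way to take the environment-variable route from the closing comment, assuming the variable meant is Ansible's ANSIBLE_VAULT_PASSWORD_FILE. The helper name export_vault_password_file and the exception class are hypothetical; the helper checks the password file's ownership and permissions before exporting its path.

```python
import os
import stat
import tempfile
from pathlib import Path

# Ansible's environment setting for the vault password file.
ENV_VAR = "ANSIBLE_VAULT_PASSWORD_FILE"


class UnsafeVaultPasswordFile(Exception):
    """The file should not be used as a vault password file as-is."""


def export_vault_password_file(path, environ=os.environ):
    """Validate `path`, export it via ENV_VAR and return the absolute path.

    Hypothetical helper: call it from conftest.py before any test uses
    the Ansible fixtures.
    """
    resolved = Path(path).expanduser().resolve(strict=True)
    st = resolved.stat()
    if not stat.S_ISREG(st.st_mode):
        raise UnsafeVaultPasswordFile(f"{resolved}: not a regular file")
    if st.st_uid != os.getuid():
        raise UnsafeVaultPasswordFile(f"{resolved}: owned by another user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise UnsafeVaultPasswordFile(f"{resolved}: accessible to group or others")
    if st.st_mode & stat.S_IXUSR:
        # Ansible runs an executable password file as a script and takes
        # its stdout as the password; this helper expects a plain file.
        raise UnsafeVaultPasswordFile(f"{resolved}: executable bit set")
    if st.st_size == 0:
        raise UnsafeVaultPasswordFile(f"{resolved}: empty")
    environ[ENV_VAR] = str(resolved)
    return str(resolved)


if __name__ == "__main__":
    # Constructed sample input: a throwaway password file with mode 0600.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "vault_pass.txt"
        sample.write_text("constructed-sample-password\n")
        sample.chmod(0o600)
        env = {}
        print(ENV_VAR, "=", export_vault_password_file(sample, environ=env))
```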