Skip to content

Vault: re-encrypt files as values#468

Draft
mcint wants to merge 4 commits into
masterfrom
mcint/vault-reencrypt
Draft

Vault: re-encrypt files as values#468
mcint wants to merge 4 commits into
masterfrom
mcint/vault-reencrypt

Conversation

@mcint

@mcint mcint commented Mar 30, 2026

Copy link
Copy Markdown
Contributor

Answering calls to make the secret names searchable, both on github and locally, and to see more meaningful and well-scoped diffs

@mcint mcint requested review from ElanHR, SuperQ, jetpham and jof March 30, 2026 18:53
@mcint

mcint commented Mar 30, 2026

Copy link
Copy Markdown
Contributor Author

I have unpushed drafts to decrypt value-string-based secrets, supporting round-tripping back out of this format. I need to test that more that ansible-playbook in use decrypts even each-item-in-a-list formulation that's caused the most code headache so far, not just values and dicts, and lists as a whole.

@SuperQ

SuperQ commented Mar 30, 2026

Copy link
Copy Markdown
Collaborator

I'm not a fan of these inline secrets vars. Unless the tooling has improved, I found it a pain to deal with the vars this way.

I prefer the "vault" style in #458. It's easy enough to ansible-vault view group_vars/foo/vault.

If we do want to switch to this style, can we ad a bit of documentation about how to use these?

@mcint mcint mentioned this pull request Mar 30, 2026

@SuperQ SuperQ left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, really, I don't like doing it this way. Please address my comments.

@mcint mcint requested a review from Daniel-Alnasir May 14, 2026 19:43
@mcint mcint marked this pull request as draft May 14, 2026 19:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants