We are encouraged to be as secure as possible i.e.
~/.vault_pass or in any local file
In such a scenario, I am having trouble coming up with a coherent strategy to ensure that my playbooks can access Azure secrets, while following the guidelines above.
How can I avoid storing Ansible Vault and Azure credentials on files, while still ensuring my playbooks can access them?
So far I have come up with a wrapper script that
Any better (more elegant, less complicated, more "Ansible") solutions out there?
What bothers you most in this workflow?
@KonstantinSuvorov mainly it's the number of hoops I need to jump through to achieve what seems (to me at least) a fairly common requirement in compliance-heavy enterprises.