Reputation: 857
how to specify a vault password file to molecule test?
When running tests with molecule:
molecule tests
and some files are protected with ansible vault, the --vault-password-file must be specified to provide the password to decrypt their content.
Although it is possible to do that with converge
molecule converge -- --vault-password-file ~/.vault.txt
it fails with molecule tests
$ molecule test -- --vault-password-file ~/.vault.txt
Usage: molecule test [OPTIONS]
Error: Got unexpected extra arguments (--vault-password-file ~/.vault.txt)
Upvotes: 6
Views: 7283
Answers (2)
Reputation: 557
You can pass the the password file to molecule via provisioner.config_options.defaults.vault_password_file in your molecule.yml file as follows:
provisioner:
name: ansible
config_options:
defaults:
vault_password_file: "${MOLECULE_SCENARIO_DIRECTORY}/vault.pw"
where vault.pw is a plain text file that contains only your password (Make sure this is well protected!)
The vault password file is an option passed over to Ansible directly and is defined here
Upvotes: 4
Reputation: 857
Using the ANSIBLE_VAULT_PASSWORD_FILE environment variable like so:
ANSIBLE_VAULT_PASSWORD_FILE=$HOME/.vault.txt molecule test
will bypass molecule arguments parsing logic and let ansible know where the vault password is located.
Upvotes: 9
Related Questions
- How can I specify multiple users and passwords in Ansible vault file?
- How to pass ansible vault password as an extra var?
- Passing password from vault to unix script
- How do I specify encrypted strings in molecule group_vars? (could not determine a constructor for the tag '!vault')
- Ansible passing vault password file to playbook
- How to automatically pass vault password when running Ansible playbook?
- How can I use an ansible-vault encrypted password in inventory file?
- Ansible Vault Password in variable
- Ansible-vault doesn't work with --vault-password-file
- Ansible vault password file