科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>jinja2 - How to include encrypted file in Ansible jinja template? - Stack Overflow

    jinja2 - How to include encrypted file in Ansible jinja template? - Stack Overflow

    programmeradmin2浏览0评论

    I have 2 jinja templates containing private key:

    • private.key (encrypted)
    • private-copy.key (need to include content of private.key)

    private.key file is encrypted using ansible vault, e.g.

    ansible-vault encrypt --vault-password-file ~/.pass.txt private.key

    so its content looks like this:

    $ANSIBLE_VAULT;1.1;AES256
123456789[...]

    I'm trying to get the decrypted content of private.key

    -----BEGIN RSA PRIVATE KEY-----
ABCDEfgh[...]
-----END RSA PRIVATE KEY-----

    inside private-copy.key (and not its encrypted value).

    I've tried the include jinja statement inside private-copy.key:

    {% include "private.key" %}

    but the result gives me the encrypted value in private-copy.key instead of the decrypted content of private.key.

    I also know that I can use an encrypted variable and put it in private-copy.key instead of including encrypted file. For simplification purpose, I want to use directly the encrypted file (on certificates renewal, we get a file, I just wanted to use it directly).

    I have 2 jinja templates containing private key:

    • private.key (encrypted)
    • private-copy.key (need to include content of private.key)

    private.key file is encrypted using ansible vault, e.g.

    ansible-vault encrypt --vault-password-file ~/.pass.txt private.key

    so its content looks like this:

    $ANSIBLE_VAULT;1.1;AES256
123456789[...]

    I'm trying to get the decrypted content of private.key

    -----BEGIN RSA PRIVATE KEY-----
ABCDEfgh[...]
-----END RSA PRIVATE KEY-----

    inside private-copy.key (and not its encrypted value).

    I've tried the include jinja statement inside private-copy.key:

    {% include "private.key" %}

    but the result gives me the encrypted value in private-copy.key instead of the decrypted content of private.key.

    I also know that I can use an encrypted variable and put it in private-copy.key instead of including encrypted file. For simplification purpose, I want to use directly the encrypted file (on certificates renewal, we get a file, I just wanted to use it directly).

    • ansible
    • jinja2
    • ansible-vault
    Share Improve this question asked Nov 20, 2024 at 15:50 TitouTitou 4143 silver badges15 bronze badges
    Add a comment  | 

    1 Answer 1

    Reset to default 2

    Use the file lookup plugin: Ansible allows you to read the content of a file using the lookup('file', ...) plugin. When combined with ansible-vault for encrypted files, it automatically decrypts the content if the file is encrypted.

    # This is private-copy.key
{{ lookup('file', 'private.key') }}

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论