Develop Reference

how provide value from text file to yaml file?

I am using YAML file to read/write data from the s3 bucket, i have mentioned the AWS access key and secret key inside the YAML file itself.
but now I want to put aws_secret_key in another txt file, and read the secret key from the text file.
How can we configure the YAML file to read the aws_secret_ key from another file?
Please help me.
Thanks & Regards,
Prasad

Create file from variable in ansible

I want to create a file (namely an id_rsa key) using ansible.
It seems that using the copy builtin module is no longer recommended and users are advised to use template.
If I understand correcly, I will have to put the contents of the id_rsa to an id_rsa.j2 and then render it on the target host.
This of course will then have to be encrypted with ansible-vault.
My question is whether there is a workaround (since I already have a vars file with secrets) so that I add the contents of the private key to this (already encrypted) file to avoid adding yet another encrypted file just for this purpose.

You wouldn't put any sensitive information in your template, just the variable name, the same way you would have with copy + content.
{{ my_private_key_var }}

Ansible host file refere to first in group

Is it possible within an Ansible host file to refer to hosts within a group like my provided sample or is there any other way of doing it directly in the host file? (I would prefer not to change existing playbooks or use limit flags)
# Handled by terraform with company policies (can't change this)
[web]
direct-15-67-156-6.bdb.company.com
direct-12-67-116-124.lia.company.com
[lb]
direct-12-68-117-13.osp.company.com
# BEGIN ANSIBLE MANAGED BLOCK
[mywebsite]
web[0]
[gatling]
web[1]

You can't do anything like you suggest with a static hosts file, however the static hosts file can be replaced with a script, and then you are free to use whatever logic you wish to build out your groups and hosts. Perhaps you can persuade Terraform to produce the data in a JSON file (or similar) that your inventory script could then consume?
Docs are here.

How do I use an encrypted variable (ansible_ssh_pass) in an INI file?

I am reading this page and if I drop the following text in an file in the Inventory folder :
[vyos:vars]
ansible_connection=network_cli
ansible_network_os=vyos
ansible_user=my_vyos_user
ansible_ssh_pass= !vault |
$ANSIBLE_VAULT;1.2;AES256;my_user
66386134653765386232383236303063623663343437643766386435663632343266393064373933
3661666132363339303639353538316662616638356631650a316338316663666439383138353032
63393934343937373637306162366265383461316334383132626462656463363630613832313562
3837646266663835640a313164343535316666653031353763613037656362613535633538386539
65656439626166666363323435613131643066353762333232326232323565376635
I am getting this error message
[WARNING]: * Failed to parse /home/myuser/Ansible/Inventory/pwdtest
with ini plugin: /home/cristi/Ansible/Inventory/pwdtest:9: Expected
key=value, got: $ANSIBLE_VAULT;1.2;AES256;my_user
I think the issue comes down to assigning a multiline string to a variable in an INI file
Does anybody have any idea how I can use this?
I can use the above in a YAML file format but I would like to keep consistency and use YAML everywhere

How do I use an encrypted variable (ansible_ssh_pass) in an INI file?
You can't.
The documentation page you linked to, seems to be blatantly wrong.
For a start, !vault tag and | character in the output of ansible-vault belong to YAML syntax and there is no way they could ever work in an INI-format inventory.
It seems also, that the function AnsibleVaultEncryptedUnicode, which decrypts the value, is called only from the YAML parser, so there is no way to modify the value (like single line, no tag) in the INI-format inventory.
You can either:
write your inventory in YAML, whole or a part of it, if you use a directory and split the inventory into multiple files
create a directory group_vars in the same directory as your inventory file and put a file vyos.yml inside with the following content:
ansible_connection: network_cli
ansible_network_os: vyos
ansible_user: my_vyos_user
ansible_ssh_pass: !vault |
$ANSIBLE_VAULT;1.2;AES256;my_user
66386134653765386232383236303063623663343437643766386435663632343266393064373933
3661666132363339303639353538316662616638356631650a316338316663666439383138353032
63393934343937373637306162366265383461316334383132626462656463363630613832313562
3837646266663835640a313164343535316666653031353763613037656362613535633538386539
65656439626166666363323435613131643066353762333232326232323565376635

Ansible-vault doesn't work with --vault-password-file

for some kind of yml files that we have to store passwords (of MySQL users) we use ansible-vault encrypt to maintain some security.
The problem is every time we have to edit we are forced to input the password.
I was looking how to fix this and seems is pretty easy but I couldn't make it work yet.
I've created a file in my home directory called:
.vault_pass.txt
inside of that, I have the password. And in the ansible.cfg in my repository I have the variable:
vault_password_file = ~/.vault_pass.txt
Didn't work as expected. So I tried to force ansible-vault command to read the file with this parameter
# ansible-vault decrypt --vault-password-file ~/.vault_pass.txt vars/vars-mysql-config.yml
Output error:
ERROR! input is not vault encrypted data for vars/vars-mysql-config.yml
It seems I forgot something here but I wasn't able to find the right info.
Anyone has any idea about that?
Thanks guys!

I guess you misuse decrypt command instead of view.
To view encrypted file use view:
ansible-vault view --vault-password-file ~/.vault_pass.txt vars/vars-mysql-config.yml
If you want to decrypt the file and leave it in plain text, use decrypt:
ansible-vault decrypt --vault-password-file ~/.vault_pass.txt vars/vars-mysql-config.yml
If you try to run decrypt command second time, it will give you expected error:
ERROR! input is not vault encrypted data for vars/vars-mysql-config.yml
because file is already plain-texted.