Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

how to specify a vault password file to molecule test?

When running tests with molecule:

molecule tests

and some files are protected with ansible vault, the --vault-password-file must be specified to provide the password to decrypt their content.

Although it is possible to do that with converge

 molecule converge -- --vault-password-file ~/.vault.txt

it fails with molecule tests

 $ molecule test -- --vault-password-file ~/.vault.txt
 Usage: molecule test [OPTIONS]
 Error: Got unexpected extra arguments (--vault-password-file ~/.vault.txt)
like image 565
singuliere Avatar asked Jan 10 '19 07:01

singuliere


2 Answers

Using the ANSIBLE_VAULT_PASSWORD_FILE environment variable like so:

ANSIBLE_VAULT_PASSWORD_FILE=$HOME/.vault.txt molecule test

will bypass molecule arguments parsing logic and let ansible know where the vault password is located.

like image 88
singuliere Avatar answered Sep 24 '22 03:09

singuliere


You can pass the the password file to molecule via provisioner.config_options.defaults.vault_password_file in your molecule.yml file as follows:

provisioner:
name: ansible
config_options:
  defaults:
    vault_password_file: "${MOLECULE_SCENARIO_DIRECTORY}/vault.pw"

where vault.pw is a plain text file that contains only your password (Make sure this is well protected!)

The vault password file is an option passed over to Ansible directly and is defined here

like image 39
ashraf Avatar answered Sep 25 '22 03:09

ashraf