[ For discussion ] Ansible-Vault style encryption for SimpleInventory #762
Comments
|
Good idea, I think adding a new inventory to the nornir-utils repo that inherits from SimpleInventory would be the way to go, that way you just need to add the few bits and pieces you need for that. |
|
Great! I'll probably look into it towards the weekend. Will open a PR over there. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The idea would be to unencrypt file-based inventories on-the-fly to extract host, group and defaults data, similar to how Ansible implements this for vault-encrypted host vars. A vault key would be required to execute the script with access to host data, making host data otherwise inaccessible. This would at least mitigate the issue of using plain-text inventories for handling sensitive data.
This could maybe be implemented as a separate inventory plugin, or some kind of flag for SimpleInventory?
I'd be willing to submit a PR for this myself, but would like to discuss how it would better integrate with the current Nornir ecosystem first.
Thanks!
The text was updated successfully, but these errors were encountered: