Once again I became tired of entering my Ansible Vault password every time I run a Ansible playbook.
Ansible supports placing the vaults password into a simple text file on your harddisk. However, placing the plain text password in a text file isn't great for security so I looked for a way to use my existing KDE wallet for this.
I came across this post which describes how to do it for the Mac OS keychain which can easily be adopted for the KDE wallet system:
First, create a "Password" entry with your vault password in your KDE wallet using the Wallet Manager.
Next, create this simple script in
~/bin (or somewhere else) and make it executable:
#!/bin/bash kwallet-query -r ansible-vault kdewallet
ansible-vault is the name of the entry in your wallet and
kdewallet the name of your wallet.
As the last step, configure the vault_password_file setting in your
~/.ansible.cfg to point to the script.
Now, every time Ansible tries to unlock a vault, it will query your wallet for the password. Nice!
Another way is to Use PGP To Encrypt The Ansible Vault