how to specify a vault password file to molecule test?

Asked 10/1, 2019 at 7:53 Answered 9/6, 2020 at 22:14

When running tests with molecule:

molecule tests

and some files are protected with ansible vault, the --vault-password-file must be specified to provide the password to decrypt their content.

Although it is possible to do that with converge

 molecule converge -- --vault-password-file ~/.vault.txt

it fails with molecule tests

 $ molecule test -- --vault-password-file ~/.vault.txt
 Usage: molecule test [OPTIONS]
 Error: Got unexpected extra arguments (--vault-password-file ~/.vault.txt)

Anticoagulant answered 10/1, 2019 at 7:53 Comment(0)

Using the ANSIBLE_VAULT_PASSWORD_FILE environment variable like so:

ANSIBLE_VAULT_PASSWORD_FILE=$HOME/.vault.txt molecule test

will bypass molecule arguments parsing logic and let ansible know where the vault password is located.

Anticoagulant answered 10/1, 2019 at 7:57 Comment(0)

You can pass the the password file to molecule via provisioner.config_options.defaults.vault_password_file in your molecule.yml file as follows:

provisioner:
  name: ansible
  config_options:
    defaults:
      vault_password_file: "${MOLECULE_SCENARIO_DIRECTORY}/vault.pw"

where vault.pw is a plain text file that contains only your password (Make sure this is well protected!)

The vault password file is an option passed over to Ansible directly and is defined here

Mcdonnell answered 9/6, 2020 at 22:14 Comment(0)

Recommended topics

Hot tags