-1

I encrypted a bunch of files (certificates) using the following script:

find . -type f -exec sh -c 'ansible-vault encrypt "$1" --vault-password-file ~/.vault && echo "$1 encrypted"' _ {} \;

During rsyncing I run something like this:

- name: Copy letsencrypt files
  synchronize:
    src: "{{ path }}/letsencrypt/"
    dest: /etc/letsencrypt/
    rsync_path: "sudo rsync"
    rsync_opts:
      - "--delete"
      - "--checksum"
      - "-a"
  notify:
    - Reload Nginx

The problem I’ve faced is that the files that moved still remained encrypted. I thought Ansible was smart enough to detect if it was encrypted and decrypt, like how I do here:

- name: Copy deploy private key
  copy:
    content: "{{ private_key_content }}"
    dest: "/home/deploy/.ssh/id_rsa"
    owner: deploy
    group: deploy
    mode: 0600
  no_log: true

Back to the earlier question, how do I make sure the files in the folder/files are decrypted before rsyncing?

Edit:

I tried using the copy module since it is encryption aware, but the module seems to be hanging. I noticed some issues with the copy module for directories on the Ansible GitHub, and I am back to synchronize.

I also tried the with_fileglob approach but that flattens the directory structure.

Edit 2:

I got encryption and decryption to work with the copy module, but it's horribly slow.

Quintin Par

1 Answer

3

There is already an issue open at the Ansible site, https://github.com/ansible/ansible/issues/45161, and the conclusion is:

Synchronize is a wrapper around rsync, I doubt that you can hook into the
process like that. You might want to implement a custom module doing this
or use something, which supports it.
JGK
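One way to keep using synchronize, shown as an added example that is not code from either post or from the Ansible project: decrypt the tree into a private staging directory on the controller, then point the task's src at that directory. The function names, the VAULT_PASSWORD_FILE variable and the staging layout are assumptions; the staged copy holds plaintext private keys and must be deleted once the sync finishes.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Stages a decrypted mirror of a
# tree that mixes vault-encrypted and plain files, so rsync never ships
# ciphertext. VAULT_PASSWORD_FILE defaults to the ~/.vault file from the question.

# Return 0 if the file's first line carries the Ansible Vault header.
is_vault_file() {
    first_line=''
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case $first_line in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# stage_decrypted SRC STAGE: mirror SRC into STAGE (which must lie outside SRC).
# Vault files are decrypted with --output, so the originals stay encrypted.
# Symlinks are copied as links; letsencrypt's live/ directory depends on them.
# File names containing newlines are not supported by the read loop.
stage_decrypted() {
    src=$1
    pwfile=${VAULT_PASSWORD_FILE:-$HOME/.vault}
    (
        umask 077   # staged plaintext is readable by the current user only
        mkdir -p "$2" && stage=$(cd "$2" && pwd) && cd "$src" || exit 1
        find . \( -type f -o -type l \) | while IFS= read -r rel; do
            mkdir -p "$stage/$(dirname "$rel")" || exit 1
            if [ -L "$rel" ]; then
                cp -P "$rel" "$stage/$rel" || exit 1
            elif is_vault_file "$rel"; then
                # </dev/null keeps ansible-vault from consuming the file list
                ansible-vault decrypt --vault-password-file "$pwfile" \
                    --output "$stage/$rel" "$rel" </dev/null || exit 1
            else
                cp -p "$rel" "$stage/$rel" || exit 1
            fi
        done
    )
}

# Typical use on the controller, before the synchronize task runs:
#   stage=$(mktemp -d); trap 'rm -rf "$stage"' EXIT
#   stage_decrypted ./letsencrypt "$stage"
```

Any failed decryption aborts the staging run with a non-zero status, so a wrong vault password cannot lead to a partial tree being synced with --delete.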