Using Ansible to decrypt remote files?

Question

Maybe it's a silly question but... I would like to have an Ansible task that simply decrypts some remote files that have been encrypted with ansible-vault

I had in mind to use the copy module with the option decrypt: yes but it is not working for me because remote_src: yes don't support decrypt: yes

Autodecryption of files does not work when remote_src=yes.

https://docs.ansible.com/ansible/2.9/modules/copy_module.html

Is there any other way to achieve this?

- name: Decrypting secrets
  become: true
  copy:
    src: "{{ path }}"
    dest: "{{ path }}"
    owner: "{{ user }}"
    group: "{{ user }}"
    decrypt: yes
    remote_src: yes

Ansible version --> 2.9

I suggest you edit your question and add a bit more background about **why** you are trying to do the above in order to rule out a possible [x/y problem](https://xyproblem.info). You don't usually push the encrypted files as is to your target and keep them on your controller where they can be decrypted flawlessly to use their content. Regarding your direct question, an obvious workaround is to [`fetch`](https://apim-store-front-o2.paas-01.net.intra.laposte.fr/home) the file locally and simply copy it back to the target. Note that `decrypt: true` is the default when not using `remote_src`. — Zeitounator, Apr 07 '22 at 08:56
Right @Zeitounator, such a workaround is also discussed under [Ansible Issue #41130](https://github.com/ansible/ansible/issues/41130#issuecomment-394781486) "_Cannot decrypt with `copy` module when `remote_src: yes`_". — U880D, Apr 07 '22 at 09:45

Using Ansible to decrypt remote files?

0 Answers0