Using Git With Ansible Vaults
When looking at git log to see what you changed, you cannot easily look into Ansible Vault changes: you just see the changes in the encrypted versions, which are unpleasant to read.
Instead we can use .gitattributes to tell git that we want to use a different program to visualise differences between two versions of a file.
- Check your git log -p and see how the Vault changes look (you can type /vault to search). Notice that they’re just changed encoded content.
- Create the file .gitattributes in the same folder as your galaxy.yml playbook, with the following contents:
  group_vars/secret.yml diff=ansible-vault merge=binary
- Try git log -p again and look for the vault changes. Note that you can now see the decrypted content! Very useful.
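Git only honours diff=ansible-vault when a diff driver of that name is defined in git config. The script below is an added example, not part of the original tutorial: it defines that driver for the current clone and audits the wiring. The function names are hypothetical, and it assumes ansible-vault can read the vault password non-interactively (for example via vault_password_file in ansible.cfg).

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial). Function names are hypothetical.
# Assumes ansible-vault can obtain the vault password without prompting.

# Define the diff driver that "diff=ansible-vault" in .gitattributes refers to.
# It is written to this clone's .git/config, so it is never committed or shared.
setup_vault_diff() {
    git config diff.ansible-vault.textconv "ansible-vault view"
    # Keep the textconv cache off: when enabled, git stores the converted
    # (here: decrypted) text in notes refs inside the repository.
    git config diff.ansible-vault.cachetextconv false
}

# Return 0 only if the given path is wired to the driver and the driver is safe.
check_vault_diff() {
    file=$1
    # git check-attr prints "<path>: <attribute>: <value>"; keep only the value.
    attr=$(git check-attr diff -- "$file" | sed 's/.*: diff: //')
    if [ "$attr" != "ansible-vault" ]; then
        echo "$file: diff attribute is '$attr', expected 'ansible-vault'"
        return 1
    fi
    # merge=binary stops git from attempting a line-based merge of ciphertext.
    merge=$(git check-attr merge -- "$file" | sed 's/.*: merge: //')
    if [ "$merge" != "binary" ]; then
        echo "$file: merge attribute is '$merge', expected 'binary'"
        return 1
    fi
    # Without a textconv command the attribute has no effect on git log -p.
    if ! git config --get diff.ansible-vault.textconv >/dev/null; then
        echo "diff.ansible-vault.textconv is not configured"
        return 1
    fi
    if [ "$(git config --bool --get diff.ansible-vault.cachetextconv)" = "true" ]; then
        echo "cachetextconv is enabled: plaintext would be cached in the repository"
        return 1
    fi
    echo "$file: ok"
}
```

Run setup_vault_diff once per clone, then check_vault_diff group_vars/secret.yml from the folder that holds .gitattributes. Once the driver is active, git log -p writes decrypted values to the pager and terminal scrollback.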