setup new vault

.gitignore

@@ -1,3 +1,4 @@
 # ---> Ansible
 *.retry
-.vault_password
+.main_vault_password
+.user_vault_password

README.md

@@ -26,3 +26,12 @@ ssh-add
 ansible all -m ping # or whatever you want to do with ansible
 exit
 ```
+
+## Vault managment
+
+To use multiple vaults with multiple password, we use vault id.
+The mapping vault-id@password-file is done in ansible.cfg under [defaults] in vault_identity_list:
+`vault_identity_list = main_vault@.main_vault_password , user_vault@.user_vault_password`
+
+To create a new vault with an id and password registered in ansible.cfg:
+`ansible-vault create --encrypt-vault-id user_vault group_vars/all/user_vault`

ansible.cfg

@@ -20,7 +20,8 @@ forks = 15
 # Some SSH connection will take time
 timeout = 60
 
-vault_password_file = .vault_password
+vault_identity_list = main_vault@.main_vault_password , user_vault@.user_vault_password
+#vault_password_file = .vault_password
 
 [privilege_escalation]
 

group_vars/all/user_vault

@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.2;AES256;user_vault
+37313030326130633030646433616330333664343237343231353463376434343938353766356464
+3731313633666539353130376139306663653336356363640a643465666563366635343763643931
+61383664353531643035333033623865396562613562353438666264343334613461626130386566
+3637656132353236660a366562633064333034633464343661663538353263643237313735366435
+38393639326233333938636636396363666536366139623666653434316537326430333333376638
+37663734653162633462653864353663323564623639313639326435313939336162643935383831
+303931333131396565393336653732626134

roles/create_users/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+
+#- name: Generate user
+#  user:
+#    name: "{{ item.name }}"
+#    group: "{{ item.groups }}"
+#  loop: "{{ uservault_users }}"
+#
+- name: Test
+  debug:
+    msg: "{{ item.name }}"
+  loop: "{{ uservault_users }}"
+
+- name: Test name
+  debug:
+    msg: "{{ vault_email }}"

users.yml

@@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- hosts: all
+  roles:
+    - create_users