Add support for editing vaults
As the title probably needs no more explanation, I should mention that there are already 4 extensions on the vscode marketplace related to vault editing. Looking at them I noticed a pattern where almost each of them seems to be a fork of a previous one. I suspect what caused it is that the original creator lost interest in maintaining it.
Instead of cluttering the marketplace with yet another extension that aims to address the same issue, I am inclined to see if one of the authors of these extensions is willing to join efforts and transition this feature into our extension, so we can have fewer extensions but better maintained.
Identified extensions:
- https://marketplace.visualstudio.com/items?itemName=flaunay.ansible-vault&ssr=false#overview by @FlorianLaunay with last release on 2020.12.19
- https://marketplace.visualstudio.com/items?itemName=wolfmah.ansible-vault-inline by @wolfmah with last release on 2020.07.13
- https://marketplace.visualstudio.com/items?itemName=spinosae.ansible-vault by @spinosae with last release on 2020.06.03
- https://marketplace.visualstudio.com/items?itemName=dhoeric.ansible-vault by @dhoeric with last release on 2018.04.30
Vaulting use-cases
There are lots of ways of working with secrets in Ansible and we will not be able to cover all from the start, still we should document each one we identify and mention if they are supported or not, also allowing us to create tests for them later.
- single vault defined inside ansible.cfg:
  vault_identity_list = .pass
  or alternatives that can use names like foo@.pass or default@.pass. Ansible encrypts and decrypts files without any prompts in this case, it does not expect passing a vault id.
- multiple vaults defined inside ansible.cfg:
  vault_identity_list = foo@.pass bar@.pass2
  Ansible will try to guess the decryption key to use if the encrypted text does not mention the name. Still, encrypting requires mentioning the vault id.
- no vault_identity_list defined but ansible_password_file is defined, which points to the file with the secret.
- vault files that are executable … (TBD)
Issue Analytics
- Created 3 years ago
- Reactions: 6
- Comments: 10 (3 by maintainers)
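The vault_identity_list cases listed in the issue, as an added example that is not part of the original issue or of the extension's code: it parses the setting from ansible.cfg text and builds the ansible-vault encrypt command, requiring a vault id only when several identities are configured. The function names, the sample configs, the "default" label for unlabelled entries, and accepting both comma- and space-separated entries are assumptions of this example.

```python
import configparser
import re

# Constructed sample configs mirroring the use cases listed in the issue.
SINGLE = "[defaults]\nvault_identity_list = .pass\n"
MULTI = "[defaults]\nvault_identity_list = foo@.pass bar@.pass2\n"
NONE = "[defaults]\ninventory = hosts\n"


def parse_identities(cfg_text):
    """Return [(label, source), ...] from vault_identity_list in [defaults]."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    raw = cfg.get("defaults", "vault_identity_list", fallback="")
    identities = []
    # Assumption: accept comma-separated entries and the space-separated
    # form shown in the issue.
    for entry in re.split(r"[,\s]+", raw.strip()):
        if not entry:
            continue
        if "@" in entry:
            label, source = entry.split("@", 1)
        else:
            # Assumption: an unlabelled entry gets the label "default".
            label, source = "default", entry
        identities.append((label, source))
    return identities


def encrypt_argv(cfg_text, path, vault_id=None):
    """Build the encrypt command an editor integration would run."""
    identities = parse_identities(cfg_text)
    labels = [label for label, _ in identities]
    if not identities:
        # Neither identity-list case applies; the password must come
        # from another source, which this example does not handle.
        raise ValueError("no vault_identity_list configured")
    if len(identities) == 1:
        # Single vault: no vault id has to be passed.
        return ["ansible-vault", "encrypt", path]
    if vault_id not in labels:
        # Multiple vaults: encrypting requires naming one of them.
        raise ValueError(f"choose a vault id from {labels}")
    return ["ansible-vault", "encrypt", "--encrypt-vault-id", vault_id, path]


if __name__ == "__main__":
    print(encrypt_argv(SINGLE, "secrets.yml"))
    print(encrypt_argv(MULTI, "secrets.yml", vault_id="bar"))
```
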
@ssbarnea @JPinkney PR is ready for review 😉
Branch is pushed and PR #78 is opened as draft. I will let you take a look. I have proposed a new release: 0.4.0