php-ansible
php-ansible copied to clipboard
maschmann
private key passphrase
Is there any way this wrapper could support a private key passphrase? Ansible doesn't have a command line option for that but I am sure it's possible to do it since phpseclib has that ability.
Let me think about this, since a new dependency would be introduced and we'd deviate from just providing a wrapper around ansible commands. I get back to you soon :-)
@sdwru the only way I see this being done is a check for phpseclib being installed within composer as a dependency. Not sure if it's raising the "dependency bar" too high for people using this lib. Definitely a BC break. Also this would be another inheritance layer for non-ansible commands, but it's doable. You can prevent such things with an ssh-agent, loading the key before using ansible. What's your concrete problem/scenario you want to solve?
My use case requires a separate key for each user, and the keys are not stored in files. Something like ssh-agent is definitely not an option. Phpseclib solves most of my problems, but Ansible makes more sense for some things, so php-ansible is the solution for that. However, I am forced to use keys without passphrases because of that, which is suboptimal from a security standpoint.
If you do a search there are lots of requests to have Ansible support passphrases from command line, so I think there are plenty of scenarios where this would be useful.
Ok, that's totally valid and understandable - got your point there :-) Considering all your arguments, this could be a good addition for the lib. Thanks for proposing and also clarifying this!