Feature Request: Encrypted secrets

[markfaine]

A way to encrypt the secrets or a way to store them outside of the ansible collection/role source tree and reference them. I don't want to check in molecule.yml with my passwords in it but I do want to check in molec;ule.yml

[sky-joker]

Thanks, @markfaine for requesting the new feature.

Sorry, I looked at this late.
If you'd like to use the encryption by Vault, I seem that you should use a file to decrypt.
https://molecule.readthedocs.io/en/stable-1.18/configuration.html?highlight=vault_password_file#ansible-section

[bandit420]

@markfaine

I had a similiar usecase and did use Hashicorp Vault (https://www.vaultproject.io/) with the pip-module "hvac" (https://pypi.org/project/hvac/).

The downside is: this does introduce external dependencies.

There was some work to do because you have to import values on every molecule step. I did not get it working directly using a lookup-plugin in the molecule.yml-file, but just a user, no developer or python expert.

BTW thank to @sky-joker, your module helped me a lot with the vmware part in molecule. 👍