This depends on ansible-role-manage-secrets
ansible-playbook galaxy.yml
docker build --pull -t jnbnyc/secret-mgmt:master .
docker run --rm \
  -e ANSIBLE_VAULT_PASSWORD_FILE=vault.secret \
  -v "${PWD}/:/app/" \
  jnbnyc/secret-mgmt:master \
  ansible-playbook site.yml --extra-vars "secrets_file=./${1:-secrets.yml}" --tags shell
Note: Do not use atomic file updates for bind-mounted files, e.g.:
  -v "${PWD}/secrets.sh:/app/secrets.sh"
Bind-mounting a directory instead works.
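
Why the note above holds, as an added example that is not part of this project's code: a single-file bind mount is tied to the inode that existed when the container started, and an atomic update (write a temp file, then rename it over the target) puts a new inode behind the same name. The function names and the secrets.sh content are constructed for the demo, which runs without Docker.

```shell
#!/bin/sh
# Constructed demo: compare the inode of a file before and after an
# atomic update (temp file + rename) and an in-place rewrite.

inode_of() {
    # POSIX-portable inode lookup: first field of `ls -i`
    ls -i "$1" | awk '{print $1}'
}

atomic_update() {
    # $1 = target file, $2 = new content. The temp file lives in the same
    # directory so that mv is a rename(2) on one filesystem.
    tmp="$(dirname "$1")/.tmp.$$"
    printf '%s\n' "$2" > "$tmp"
    mv -f "$tmp" "$1"
}

inplace_update() {
    # Truncate and rewrite the existing file; the inode is kept.
    printf '%s\n' "$2" > "$1"
}

inode_changed_by() {
    # $1 = update function to exercise; prints "changed" or "same"
    dir="$(mktemp -d)"
    printf 'export TOKEN=old\n' > "$dir/secrets.sh"   # constructed sample
    before="$(inode_of "$dir/secrets.sh")"
    "$1" "$dir/secrets.sh" 'export TOKEN=new'
    after="$(inode_of "$dir/secrets.sh")"
    rm -rf "$dir"
    if [ "$before" = "$after" ]; then echo same; else echo changed; fi
}

echo "atomic (temp + rename): inode $(inode_changed_by atomic_update)"
echo "in-place rewrite:       inode $(inode_changed_by inplace_update)"
```

With a directory mount, the rename happens inside the mounted directory, so both sides resolve the name to the new file.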