Drone version
1.6.2
Problem Summary
I am trying to pass in a secret to an Environment Variable that is used by my ansible playbook. However, the conceal feature causes the evaluation of the env var to be [secret:ssh_key] when I grab the env var in my playbook using lookup env var in my hosts file like so: ansible_ssh_private_key_file={{ lookup('env','SSH_KEY') }}
Question
How do I make it so that the actual value gets passed in and not the conceal value?
.drone.yml snippet
- name: Apply ansible playbook using Ansible plugin
image: plugins/ansible:1
environment:
SSH_KEY:
from_secret: ssh_key
settings:
playbook: ansible/playbooks/site.yml
inventory: ansible/playbooks/inventory/hosts
vault_password:
from_secret: ans_vault
debug: true
Output from drone UI
TASK [Gathering Facts] *********************************************************
13 fatal: [4.4.4.4]: UNREACHABLE! => {“changed”: false, “msg”: “Failed to connect to the host via ssh: Warning: Permanently added ‘4.4.4.4’ (ECDSA) to the list of known hosts.\r\nno such identity: [secret:ssh_key]: No such file or directory\r\ndroneuser@4.4.4.4: Permission denied (publickey).”, “unreachable”: true}
Troubleshooting
I also tried to do below but also resulted in the file containing the concealed secret
echo -n $${SSH_KEY} > /drone/src/ssh_key