I need to run a command on the target server that accepts data through stdin only. The data I'm feeding it comes from a template file and contains sensitive data, so I'd rather not have it sitting in the filesystem even for a second.
I'm trying to find a way to grab the output of a template task so I can pass it to the command. Something like:
- name: generate data
template:
src: data.j2
dest: [I'd rather not have any files written]
register: myvar
- name: run command
shell: "command < {{ myvar }}"
Is a better way to go about this that doesn't involve writing a temporary file, feeding it to the command and then erasing it?
Got answer from ansible guys:
The proper way of handling commands which need input from
stdin
is the expect module.The proper way of dealing with sensitive data with Ansible is ansible vault. One way or the other the data will sit unencrypted on the file system as Ansible creates Python scripts to execute the commands defined under tasks.