Feature: Usage with named-pipes

[ansibleguy]

Scope

Service (Job Scheduling, Job Preparation)

Description

As described in the Ansible-Runner docs - we could gain some security when using named pipes instead of basic files:
https://ansible.readthedocs.io/projects/runner/en/latest/intro/#the-env-directory

[ansibleguy]

Was not able to get it working by simply replacing basic files with named pipes, as ansible-playbook got stuck.
Now I've removed our custom secrets handling and moved to relying on the one implemented by the official ansible-runner, as this make way more sense.

[ansibleguy]

Was able to provision my hosts with become+ssh-key+vault-pass.
@mathieumd Would be nice if you could test it too - just to be sure.

[ansibleguy]

Note: Git-repository handling is still using a basic file. Will need to implement ssh-agent usage for that use-case

[mathieumd]

Looks good with SSH through ssh-agent:

Running command:
ansible-playbook --diff -i inventory/all --limit test01 playbooks/test.yml

Identity added: /var/tmp/ansible-webui/2024-09-23_10-58-2154984/artifacts/74174416-b4ad-4965-80fd-7b7575ab5853/ssh_key_data (ansibleguy-webui@example01)

This file ssh_key_data is removed very quickly, just after the ssh-add, nice. Is it the named pipe?

It still requires an unencrypted SSH private key, which makes me unconfortable; but maybe it's actually enough security-wise? I can't tell. :-)

[ansibleguy]

Will add a feature-request for encrypted ssh keys.