private key passphrase

[sdwru]

Is there any way this wrapper could support a private key passphrase? Ansible doesn't have a command line option for that but I am sure it's possible to do it since phpseclib has that ability.

[maschmann]

Let me think about this, since a new dependency would be introduced and we'd deviate from just providing a wrapper around ansible commands. I get back to you soon :-)

[maschmann]

@sdwru the only way I see this being done is a check for phpseclib being installed within composer as a dependency. Not sure if it's raising the "dependency bar" too high for people using this lib. Definitely a BC break.
Also this would be another inheritance layer for non-ansible commands, but it's doable.
You can prevent such things with an ssh-agent, loading the key before using ansible.
What's your concrete problem/scenario you want to solve?

[sdwru]

My use case requires a separate key for each user, and the keys are not stored in files. Something like ssh-agent is definitely not an option. Phpseclib solves most of my problems, but Ansible makes more sense for some things, so php-ansible is the solution for that. However, I am forced to use keys without passphrases because of that, which is suboptimal from a security standpoint.

If you do a search there are lots of requests to have Ansible support passphrases from command line, so I think there are plenty of scenarios where this would be useful.

[maschmann]

Ok, that's totally valid and understandable - got your point there :-)
Considering all your arguments, this could be a good addition for the lib. Thanks for proposing and also clarifying this!