4

Just starting out with Ansible, I have set up an Ansible user on the client machine and created a set of keys from OpenSSL. I am running Ansible under my own account. I have specified the user and private key file in the Ansible configuration. I want the remote commands to run as this user and this user to sudo to do commands requiring elevation.

/etc/ansible/ansible.cfg

private_key_file = /etc/ansible/pka/confman.crt
remote_user = confman

Commands such as this do not ask for passphrases after initial entry of passphrase:

ansible all -m ping

The following prompt for a passphrase every time I run them:

ansible all -m ping -b
Enter passphrase for key '/etc/ansible/private_keys/confman.crt':
(success)

ansible all -m ping --sudo
Enter passphrase for key '/etc/ansible/private_keys/confman.crt':
(success)

ansible all -a "cat /etc/redhat-release"
Enter passphrase for key '/etc/ansible/private_keys/confman.crt':
(success)

Why?

Is there any way to set the passphrase? Is there a more secure way? I plan to run ansible remotely and via cron and via other automation tools where entering a passphrase is not an option.

As context, I have never needed to SSH between Linux servers, always from a Windows machine using tools such as putty, RoyalTS and mRemoteNG so my ssh knowledge is... sparse. I assume I am missing something obvious.

ZZ9

1 Answer

7

The feature is called ssh-agent:

$ eval `ssh-agent`  # you might have agent already running so this might not be needed
$ ssh-add /etc/ansible/private_keys/confman.crt

Now Ansible should be able to find the key in the agent and authenticate without asking for the passphrase every time. From: Documentation: Your first commands

Jakuje
  • Hindsight makes this look wonderfully simple. But I googled the hell out of this expecting it to be an Ansible variable. Still no explanation why it was cached for some commands and not others. – ZZ9 Feb 19 '16 at 20:00
  • 1
    So in a typical real-life scenario you need to configure Vagrant to configure ansible to configure and use ssh-agent? JESUS CHRIST WHY – Szczepan Hołyszewski May 25 '17 at 20:21
  • @SzczepanHołyszewski no. You configure ssh to use a key. What is in the stack above really does not matter. – Jakuje May 26 '17 at 05:35
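
The ssh-agent approach from the answer, applied to the cron and automation case raised in the question, as an added example that is not part of the original posts. The socket path, the `SSH_ADD` override and the function names are assumptions; the key path is the one shown in the question.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: AGENT_SOCK path,
# SSH_ADD override, and the three function names.
AGENT_SOCK="${AGENT_SOCK:-$HOME/.ssh/ansible-agent.sock}"
SSH_ADD="${SSH_ADD:-ssh-add}"

# Print the agent's state, from the documented exit status of `ssh-add -l`:
# 0 = identities loaded, 1 = agent reachable but empty, 2 = agent unreachable.
agent_state() {
    rc=0
    ( SSH_AUTH_SOCK=$AGENT_SOCK; export SSH_AUTH_SOCK
      "$SSH_ADD" -l >/dev/null 2>&1 ) || rc=$?
    case "$rc" in
        0) echo ready ;;
        1) echo empty ;;
        *) echo down ;;
    esac
}

# Operator step, run interactively once per boot: start the agent on the fixed
# socket if needed, then load the key (this is the only passphrase prompt).
load_key() {
    if [ "$(agent_state)" = down ]; then
        rm -f "$AGENT_SOCK"                      # clear a stale socket file
        ssh-agent -a "$AGENT_SOCK" >/dev/null    # -a binds to a chosen path
    fi
    ( SSH_AUTH_SOCK=$AGENT_SOCK; export SSH_AUTH_SOCK; "$SSH_ADD" "$1" )
}

# Cron/automation step: run a command against the shared agent, or fail with
# a clear message (exit 75, EX_TEMPFAIL) when no key is loaded.
run_with_agent() {
    state=$(agent_state)
    if [ "$state" != ready ]; then
        echo "ssh-agent at $AGENT_SOCK is $state; run load_key first" >&2
        return 75
    fi
    ( SSH_AUTH_SOCK=$AGENT_SOCK; export SSH_AUTH_SOCK; "$@" )
}

# Usage (paths from the question):
#   load_key /etc/ansible/private_keys/confman.crt        # operator, once
#   run_with_agent ansible all -m ping -b                 # from cron
```

Anyone who can open the agent socket (the owning user and root) can authenticate with the loaded key, so keep its directory at mode 0700. `ssh-add -t` can additionally limit how long the key stays loaded.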