I like being able to give realistic examples when I give trainings, and I address the pros and cons of Ansible Vault when we spend a few minutes on that topic. For years now I’ve had a bit of a bee under my cap: would it be possible to unlock a Vault file with a smart card? I know it’s possible using, say, a YubiKey with an age key on it, but how about a GnuPG-compatible smart card? And what if the smart card were local and the unlocking had to be triggered remotely?