No ansible.cfg Commits
All configuration is driven by environment variables written to a session-scoped .env file. Complies with enterprise security policies that prohibit committed ansible.cfg files.
A reproducible testing harness for Ansible role development that mirrors how enterprise environments actually behave. Environment-variable configuration, Molecule test scenarios, and container-based execution — without committing sensitive files.
Test Ansible roles the way they’ll actually run in production environments.
All configuration is driven by environment variables written to a session-scoped .env file. Complies with enterprise security policies that prohibit committed ansible.cfg files.
Three included scenarios: default, localhost-only, and with-linting. Python unit tests for supporting tooling. Extend or use as-is.
Fedora-based container with ephemeral SSH keys generated per run. The sandbox manages container lifecycle automatically — no manual container management.
Includes DECRYPT_VAULTED_ITEMS.py for safely inspecting encrypted Ansible vault variables during development without exposing secrets to version control.
One-command activation: python sandbox.py activate && python sandbox.py run. Drop it into any CI pipeline with Python and a container runtime.
Supports both Podman and Docker. Works in enterprise environments where Docker may not be available or permitted.
Enterprise Ansible development has constraints that generic sandboxes don’t handle.
Most Ansible sandbox examples involve committing ansible.cfg to the repo. Enterprise security policies often prohibit this. The Dev Sandbox uses environment variables exclusively.
Roles that pass tests on one developer’s machine fail in CI. Container-based execution with ephemeral keys ensures every run starts from a known-good state.
Molecule is the right tool for role testing, but setup is complex. The Dev Sandbox provides three working scenarios out of the box — ready to extend or use as-is.
The Ansible Dev Sandbox is freely available on GitHub. Need help integrating it into your enterprise CI/CD pipeline or extending it for custom requirements? McIndi can help.