Ansible/Vaults

From charlesreid1

Revision as of 19:48, 6 December 2018 by Admin (talk | contribs)

Ansible Vaults are ways of storing encrypted, sensitive data like passwords or keys.

Link: https://docs.ansible.com/ansible/latest/user_guide/vault.html

How does it work

To use ansible vault, you execute a command to tell ansible you want to create a vault (an encrypted chunk of plain text).

Ansible prompts you for a password, then opens a text editor, where you enter your sensitive information. This way, your sensitive information will only exist in a temporary buffer. When you are done editing, you save and close, and the file is automatically encrypted before being written to disk.

This encrypted data can be stored in a public place, as it can only be decrypted with the appropriate passphrase.

To encrypt, call ansible-vault create foo.yml

To edit, call ansible-vault edit foo.yml

To view, call ansible-vault view foo.yml bar.yml baz.yml

Basic usage

Encrypting a string using ansible-vault

To encrypt a string, use the ansible-vault encrypt_string command.

Link: https://docs.ansible.com/ansible/latest/cli/ansible-vault.html#ansible-vault-encrypt-string

Using a playbook with vault encrypted data

Example of a call to a playbook that uses vault-encrypted data: 

ansible-playbook site.yml --ask-vault-pass

Alternative that uses a file containing the password: 

ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt

Third alternative is to use an environment variable: 

ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt ansible-playbook site.yml



Flags


Defcon.png
Ansible
Ansible is a Python library for managing IT and compute infrastructure.

Ansible  · Category:Ansible


Ansible Configuration

Config file: Ansible/Configuration

Secrets and Sensitive Info: Ansible/Security  · Ansible/Vaults


Ansible Playbooks

Basics: Ansible/Playbooks

Examples: Ansible/Nginx Playbook (simple)  · Ansible/Full Stack Playbook (advanced)


Ansible Hosts and Inventory Control

All topics in Ansible Hosts: Ansible/Hosts

Splitting large host files into subfiles: Ansible/Splitting Hosts File

Automatically naming hosts: Ansible/Host Naming

Grouping Hosts: Ansible/Groups

Assigning Variables to Groups: Ansible/Group Variables

Roles: Ansible/Roles


Ansible and Vagrant (Local)

Ansible/Vagrant  · Ansible/Vagrant/Static Inventory  · Ansible/Vagrant/Dynamic Inventory


Ansible and EC2 (Cloud)

Ansible/EC2  · Ansible/EC2/Static Inventory  · Ansible/EC2/Dynamic Inventory


Best Practices

Ansible/Directory Layout  · Ansible/Directory Layout/Details

Ansible/Separate Playbooks by Role

Ansible/Tag Inventory with Environment

Ansible/Group by Distribution

Ansible/Variables and Vaults


Ansible Galaxy

Ansible/Galaxy


Flags  · Template:AnsibleFlag  · e



Retrieved from "https://charlesreid1.com/w/index.php?title=Ansible/Vaults&oldid=25590"