Ansible/Vaults

From charlesreid1

Revision as of 22:06, 13 November 2018 by Admin (talk | contribs)

Ansible Vaults are ways of storing encrypted, sensitive data like passwords or keys.

The encrypted data can be stored in (e.g.) a Github repo, and only decrypted by Ansible.

To use, call the ansible-vault tool and give it the password using either --ask-vault-pass or --vault-password-file. Or set the location of the vault password file in ansible.cfg.

Basic usage

Encrypting a string using ansible-vault

To encrypt a string, use the ansible-vault encrypt_string command.

Link: https://docs.ansible.com/ansible/latest/cli/ansible-vault.html#ansible-vault-encrypt-string

Using a playbook with vault encrypted data

Example of a call to a playbook that uses vault-encrypted data: 

ansible-playbook site.yml --ask-vault-pass

Alternative that uses a file containing the password: 

ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt

Third alternative is to use an environment variable: 

ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt ansible-playbook site.yml
Retrieved from "https://charlesreid1.com/w/index.php?title=Ansible/Vaults&oldid=25463"