Ansible/Vaults: Difference between revisions
From charlesreid1
Revision as of 19:48, 6 December 2018
Ansible Vault is a way of storing sensitive data, like passwords or keys, in encrypted form.
Link: https://docs.ansible.com/ansible/latest/user_guide/vault.html
How does it work
To use Ansible Vault, you execute a command to tell Ansible you want to create a vault (an encrypted chunk of plain text).
Ansible prompts you for a password, then opens a text editor, where you enter your sensitive information. This way, your sensitive information will only exist in a temporary buffer. When you are done editing, you save and close, and the file is automatically encrypted before being written to disk.
This encrypted data can be stored in a public place, as it can only be decrypted with the appropriate passphrase.
To encrypt, call ansible-vault create foo.yml
To edit, call ansible-vault edit foo.yml
To view, call ansible-vault view foo.yml bar.yml baz.yml
Basic usage
Encrypting a string using ansible-vault
To encrypt a string, use the ansible-vault encrypt_string command.
Link: https://docs.ansible.com/ansible/latest/cli/ansible-vault.html#ansible-vault-encrypt-string
Using a playbook with vault encrypted data
Example of a call to a playbook that uses vault-encrypted data:
ansible-playbook site.yml --ask-vault-pass
Alternative that uses a file containing the password:
ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt
A third alternative is to use an environment variable:
ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt ansible-playbook site.yml
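Storing vault files in a public place and keeping the passphrase in a file such as ~/.vault_pass.txt are only safe if the files really are encrypted and the password file is private. The following is an added example, not from the original page or the Ansible project: a pre-commit style shell check that assumes the vault header line `$ANSIBLE_VAULT;<version>;AES256`; the function names and sample files are constructed for illustration.

```shell
# Added example: checks for vault files and the vault password file.

# Succeeds if FILE's first line is an Ansible Vault header, e.g.
# "$ANSIBLE_VAULT;1.1;AES256" (format 1.2 appends a vault ID label).
is_vault_encrypted() {
    head -n 1 -- "$1" 2>/dev/null |
        grep -Eq '^\$ANSIBLE_VAULT;[0-9]+\.[0-9]+;AES256(;.+)?$'
}

# Succeeds if FILE exists and grants nothing to group or other
# (characters 5-10 of the ls mode string, e.g. "-rw-------").
pass_file_is_private() {
    [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints every problem found and returns the number of problems.
# Usage: check_vault_hygiene PASSWORD_FILE SECRET_FILE...
check_vault_hygiene() {
    problems=0
    pass_file=$1; shift
    if ! pass_file_is_private "$pass_file"; then
        echo "password file missing or readable by group/other: $pass_file"
        problems=$((problems + 1))
    fi
    for f in "$@"; do
        if ! is_vault_encrypted "$f"; then
            echo "not vault-encrypted (plaintext on disk?): $f"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Demo on constructed files in a temporary directory.
demo_dir=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '3061626364(constructed)' > "$demo_dir/foo.yml"
printf 'db_password: hunter2\n' > "$demo_dir/bar.yml"   # constructed: never encrypted
printf 'constructed-passphrase\n' > "$demo_dir/vault_pass.txt"
chmod 644 "$demo_dir/vault_pass.txt"                     # constructed: too permissive
check_vault_hygiene "$demo_dir/vault_pass.txt" "$demo_dir/foo.yml" "$demo_dir/bar.yml" ||
    echo "problems found: $?"
rm -rf "$demo_dir"
```

The header check only confirms that a file is in vault format; it says nothing about the strength of the passphrase protecting it.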
Flags