Ansible/Vaults: Difference between revisions
From charlesreid1
Revision as of 22:06, 13 November 2018
Ansible Vaults store encrypted, sensitive data such as passwords or keys.
The encrypted data can be stored in (e.g.) a GitHub repo and decrypted only by Ansible.
To use a vault, call the ansible-vault tool and give it the password using either --ask-vault-pass or --vault-password-file, or set the location of the vault password file in ansible.cfg.
Basic usage
Encrypting a string using ansible-vault
To encrypt a string, use the ansible-vault encrypt_string command.
Link: https://docs.ansible.com/ansible/latest/cli/ansible-vault.html#ansible-vault-encrypt-string
Using a playbook with vault encrypted data
Example of a call to a playbook that uses vault-encrypted data:
ansible-playbook site.yml --ask-vault-pass
An alternative uses a file containing the password:
ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt
A third alternative is to use an environment variable:
ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt ansible-playbook site.yml
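Because the encrypted files end up in a repo and the password sits in a local file such as ~/.vault_pass.txt, it helps to check both before committing or running a playbook. The script below is an added example, not part of the original page or of Ansible; the function names and the `--demo` flag are assumptions, and the check only inspects the vault envelope (header line plus hex body), it does not decrypt anything.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): pre-flight checks for vault use.

# Succeeds only if FILE has the vault envelope: a "$ANSIBLE_VAULT;..." header
# line followed by hex-only body lines (what ansible-vault encrypt writes).
is_vault_encrypted() {
    local header body
    [ -f "$1" ] || return 1
    IFS= read -r header < "$1" || [ -n "$header" ] || return 1
    case "$header" in
        '$ANSIBLE_VAULT;1.1;AES256') ;;
        '$ANSIBLE_VAULT;1.2;AES256;'?*) ;;   # 1.2 adds a vault-id label
        *) return 1 ;;
    esac
    body=$(tail -n +2 "$1")
    [ -n "$body" ] || return 1
    ! printf '%s\n' "$body" | grep -qv '^[0-9a-f]\{1,80\}$'
}

# Succeeds only if the password file exists and grants nothing to group/other.
password_file_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ]
}

# check_vault_setup PASSFILE FILE...: report every problem, return 1 if any.
check_vault_setup() {
    local passfile=$1 rc=0 f
    shift
    if ! password_file_is_private "$passfile"; then
        echo "FAIL $passfile: missing or readable by group/other" >&2
        rc=1
    fi
    for f in "$@"; do
        if ! is_vault_encrypted "$f"; then
            echo "FAIL $f: not vault-encrypted, do not commit" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo data; run as: bash check_vault.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); umask 077
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '6162636465663031' > "$d/enc.yml"
    printf 'db_password: example\n' > "$d/plain.yml"
    printf 'constructed-password\n' > "$d/pass"
    check_vault_setup "$d/pass" "$d/enc.yml" "$d/plain.yml" || echo "problems found"
    rm -rf "$d"
fi
```

A call such as `check_vault_setup ~/.vault_pass.txt group_vars/all/vault.yml` (the second path is a hypothetical example) fits in a pre-commit hook, since a non-zero return blocks the commit.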