Ansible/Vaults

From charlesreid1

Revision as of 22:00, 13 November 2018 by Admin (talk | contribs) (Created page with "Ansible Vaults are ways of storing encrypted, sensitive data like passwords or keys. The encrypted data can be stored in (e.g.) a Github repo, and only decrypted by Ansible....")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Ansible Vaults are ways of storing encrypted, sensitive data like passwords or keys.

The encrypted data can be stored in (e.g.) a Github repo, and only decrypted by Ansible.

To use, call the ansible-vault tool and give it the password using either --ask-vault-pass or --vault-password-file. Or set the location of the vault password file in ansible.cfg.

Example of a call to a playbook that uses vault-encrypted data: 

ansible-playbook site.yml --ask-vault-pass

Alternative that uses a file containing the password: 

ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt

Third alternative is to use an environment variable: 

ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt ansible-playbook site.yml
Retrieved from "https://charlesreid1.com/w/index.php?title=Ansible/Vaults&oldid=25462"