Ansible/Variables and Vaults
From charlesreid1
This article covers recommendations and best practices for storing variables (Ansible/Variables) in your vault (Ansible/Vaults) while still making it possible to search variable names.
Ansible documentation: https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html
Group Variables
Start with a group_vars/ subdirectory that is named after the group you are trying to modify.
Inside of the subdirectory, create two files named vars and vault.
Inside vars, define all variables needed, including any sensitive ones.
Next, copy all sensitive variables over to the vault file and prefix their names with vault_.
Adjust the variables in the vars file so they point to the matching vault_ variables, using Jinja2 syntax, and ensure that the vault file is encrypted (see Ansible/Vaults).
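A check for the layout described in the steps above, suitable for running before a commit. This is an added example, not part of the original article. It assumes a flat "key: value" vars file and a name-based heuristic for which keys are sensitive; check_group and demo are hypothetical names, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption: key names matching this pattern hold secrets (heuristic, adjust to taste).
SENSITIVE = re.compile(r"(password|passwd|secret|token|api_key)", re.I)
VAULT_HEADER = "$ANSIBLE_VAULT;"  # every ansible-vault encrypted file starts with this

def check_group(group_dir):
    """Return a list of problems found in one group_vars/<group>/ directory."""
    group_dir = Path(group_dir)
    problems = []
    vault = group_dir / "vault"
    if not vault.is_file():
        problems.append("vault: file missing")
    elif not vault.read_text().startswith(VAULT_HEADER):
        problems.append("vault: not encrypted (no $ANSIBLE_VAULT header)")
    vars_file = group_dir / "vars"
    if not vars_file.is_file():
        return problems + ["vars: file missing"]
    # Assumption: one "key: value" pair per line, no nested YAML.
    for line in vars_file.read_text().splitlines():
        m = re.match(r"^([A-Za-z_]\w*)\s*:\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip("\"'")
        if key.startswith("vault_"):
            problems.append(f"vars: {key} belongs in the vault file")
        elif SENSITIVE.search(key):
            expected = "{{ vault_%s }}" % key
            if re.sub(r"\s+", "", value) != re.sub(r"\s+", "", expected):
                problems.append(f"vars: {key} should be {expected!r}")
    return problems

def demo():
    """Check two constructed group directories: one wrong, one following the steps."""
    root = Path(tempfile.mkdtemp())
    bad, good = root / "bad", root / "good"
    for d in (bad, good):
        d.mkdir()
    (bad / "vars").write_text("port: 1234\ndatabase_password: strongPassword\n")
    (bad / "vault").write_text("vault_database_password: strongPassword\n")
    (good / "vars").write_text('port: 1234\ndatabase_password: "{{ vault_database_password }}"\n')
    (good / "vault").write_text("$ANSIBLE_VAULT;1.1;AES256\n0000\n")  # placeholder body
    return check_group(bad), check_group(good)

if __name__ == "__main__":
    for problem in demo()[0]:
        print(problem)
```

Because the vault file is encrypted, the check cannot confirm that each vault_ variable is actually defined there; it only verifies the header and the references in vars.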
Example
Directory structure:
playbooks/
    group_vars/
        dbservers/    # name of group
            vars      # file
            vault     # file
Now suppose we were including the full vars file with sensitive variables and all. It might look like this:
host: 0.0.0.0
port: 1234
database_username: root
database_password: strongPassword
slack_api_key: a1a2a3a4a5a6a7
github_api_key: b1b2b3b4b5b6b7