Ansible Vault
Ansible Vault is a feature that allows users to encrypt values and data structures within Ansible projects. This provides the ability to secure any sensitive data that is necessary to successfully run Ansible plays but should not be publicly visible, like passwords or private keys. Ansible automatically decrypts vault-encrypted content at runtime when the key is provided.
This requires the manual step of setting up a password file and setting its path (which should not be in the repository) in ansible.cfg.
Using Ansible Vault means that managing secrets becomes as easy as managing the Ansible Vault password file, and all other secrets can be set up automatically by running the playbooks.
Usage
Secret variables can be set by encrypting strings:
And pasting the output in place of a variable:
View encrypted variable with:
Encrypt files with:
View encrypted files with:
Edit encrypted files with:
Decrypt encrypted files with:
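The setup described above depends on the password file staying out of the repository and on secret files actually being encrypted before they are committed. The following pre-flight script checks both; it is an added example, not part of the original page, and assumes that ansible.cfg holds a `vault_password_file = <absolute path>` line. The function names and the script name `vault_preflight.sh` are hypothetical.

```shell
#!/bin/sh
# Pre-flight checks for an Ansible Vault setup (added example).
# Assumption: ansible.cfg holds "vault_password_file = <absolute path>".

# Print the configured vault password file path (empty if unset).
vault_password_path() {
  sed -n 's/^[[:space:]]*vault_password_file[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# Succeed only if the password file exists, lives outside the repository
# and grants no permissions to group or others.
check_password_file() {  # usage: check_password_file <repo_dir> <password_file>
  _repo=$(cd "$1" && pwd -P) || return 2
  [ -f "$2" ] || { echo "password file not found: $2" >&2; return 1; }
  _pw=$(cd "$(dirname "$2")" && pwd -P)/$(basename "$2")
  case "$_pw" in
    "$_repo"/*) echo "password file is inside the repository: $_pw" >&2; return 1 ;;
  esac
  _mode=$(stat -c '%a' "$_pw" 2>/dev/null || stat -f '%Lp' "$_pw")
  case "$_mode" in
    *00) return 0 ;;
    *) echo "password file mode $_mode is too permissive, use 600" >&2; return 1 ;;
  esac
}

# Succeed if the file's first line is the vault header.
is_vault_encrypted() {
  head -n 1 "$1" | grep -q '^\$ANSIBLE_VAULT;'
}

# Usage from the repository root: sh vault_preflight.sh <secret_file>...
if [ "$#" -gt 0 ]; then
  check_password_file . "$(vault_password_path ansible.cfg)" || exit 1
  for f in "$@"; do
    is_vault_encrypted "$f" || { echo "not encrypted: $f (run: ansible-vault encrypt $f)" >&2; exit 1; }
  done
fi
```

Run as a pre-commit hook or CI step, this catches a plaintext secrets file or a password file copied into the working tree before either reaches the remote.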