This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
ansible:ansible_vault [2023/03/20 23:48] manu created |
ansible:ansible_vault [2023/09/19 19:27] (current) manu |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Ansible vault / password encrytion ====== | ====== Ansible vault / password encrytion ====== | ||
| + | ansible-vault | ||
| + | * create: open a file and encrypt it when close | ||
| + | * decrypt | ||
| + | * edit | ||
| + | * view | ||
| + | * encrypt: encrypt a file or variable | ||
| + | * rekey: reencrypt | ||
| + | Add option --vault-password-file <filename_not_encrypt> to prevent asking password | ||
| + | |||
| + | |||
| + | |||
| + | ansible vault | ||
| + | |||
| + | vaultID: multi-password | ||
| + | <code> | ||
| + | ansible-vault encrypt --vault-id pwd.txt group_vars/all/vault.txt | ||
| + | |||
| + | ansible-vault encrypt --vault-id @prompt group_vars/all/vault.txt | ||
| + | |||
| + | ansible -i "127.0.0.1," all --vault-id pwd.txt -m debug -a "msg='{{mysecret}}'" | ||
| + | |||
| + | Now add a specific ID (;id1) into the vaulting file | ||
| + | $ANSIBLE_VAULT;1.1;AES256;id1 | ||
| + | |||
| + | ansible -i "127.0.0.1," all --vault-id id1@pwd.txt -m debug -a "msg='{{mysecret}}'" | ||
| + | </code> | ||
| + | |||
| + | |||
| + | Variables used by ansible cfg | ||
| + | ansible_user | ||
| + | ansible_password | ||
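
Review bot: inside the <code> block, the sentence "Now add a specific ID (;id1) into the vaulting file" and the hand-edited header "$ANSIBLE_VAULT;1.1;AES256;id1" are mixed in with the commands. The header also differs from what ansible-vault writes for a labelled vault: files encrypted with a vault ID label carry format version 1.2, i.e. "$ANSIBLE_VAULT;1.2;AES256;id1". Suggest moving the sentence out of the code block and replacing the manual header edit with "ansible-vault encrypt --vault-id id1@pwd.txt group_vars/all/vault.txt", which writes the label itself and matches the "--vault-id id1@pwd.txt" used in the last command. On the "--vault-password-file <filename_not_encrypt>" line, it is worth stating that this file holds the vault password in clear text, so it should be readable only by its owner and kept out of version control.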