
Ansible vault / password encryption

ansible-vault

  • create: open a new file in an editor and encrypt it when it is closed
  • decrypt
  • edit
  • view
  • encrypt: encrypt a file or variable
  • rekey: re-encrypt with a new password

Add the option --vault-password-file <filename_not_encrypt> to avoid being prompted for the password

ansible vault

vaultID: multi-password

ansible-vault encrypt --vault-id pwd.txt group_vars/all/vault.txt

ansible-vault encrypt --vault-id @prompt group_vars/all/vault.txt

ansible -i "127.0.0.1," all --vault-id pwd.txt -m debug -a "msg='{{mysecret}}'"

Now add a specific ID (;id1) to the header line of the vault file:
$ANSIBLE_VAULT;1.1;AES256;id1

ansible -i "127.0.0.1," all --vault-id id1@pwd.txt -m debug -a "msg='{{mysecret}}'"
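A pre-commit style check for the header and --vault-id forms shown above, as an added example (not from the original page): it flags files that are not vault-encrypted and reports whether the ID in each header matches a label passed on the command line. The function names and the sample file contents are constructed for illustration; a missing label is assumed to mean "default".

```python
import re

HEADER_MAGIC = "$ANSIBLE_VAULT"

def parse_vault_header(text):
    """Return (version, cipher, vault_id) for vault text, or None if not a vault."""
    lines = text.strip().splitlines()
    if not lines:
        return None
    fields = lines[0].strip().split(";")
    if fields[0] != HEADER_MAGIC or len(fields) < 3:
        return None
    # The body must be hex digits only; anything else suggests a damaged
    # file or plaintext pasted under a vault header.
    body = "".join(line.strip() for line in lines[1:])
    if not body or not re.fullmatch(r"[0-9a-fA-F]+", body):
        return None
    vault_id = fields[3] if len(fields) >= 4 else "default"
    return fields[1], fields[2], vault_id

def split_vault_id(arg):
    """Split a --vault-id value into (label, source)."""
    label, sep, source = arg.partition("@")
    if not sep:
        return "default", arg              # e.g. "pwd.txt"
    return (label or "default"), source    # e.g. "id1@pwd.txt", "@prompt"

def audit(files, vault_id_args):
    """Classify each file as 'plaintext', 'ok' or 'no-matching-id'."""
    labels = {split_vault_id(a)[0] for a in vault_id_args}
    report = {}
    for name, text in files.items():
        header = parse_vault_header(text)
        if header is None:
            report[name] = "plaintext"       # secret would be committed in clear
        elif header[2] in labels:
            report[name] = "ok"
        else:
            report[name] = "no-matching-id"  # a hint: the label differs
    return report

# Constructed sample files (the hex bodies are placeholders, not real ciphertext).
SAMPLE = {
    "group_vars/all/vault.txt": "$ANSIBLE_VAULT;1.1;AES256;id1\n36643662\n6231\n",
    "group_vars/all/plain.txt": "mysecret: example-value\n",
    "group_vars/all/other.txt": "$ANSIBLE_VAULT;1.1;AES256\n3664\n",
}

if __name__ == "__main__":
    for path, status in audit(SAMPLE, ["id1@pwd.txt"]).items():
        print(f"{status:15} {path}")
```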

Variables used by ansible cfg

ansible_user
ansible_password
ansible/ansible_vault.txt · Last modified: 2023/09/19 19:27 by manu