Wednesday, March 31, 2021

Ansible Vault

Description: Here I explain what Ansible Vault is and how to create Ansible secrets in a playbook to secure them.

What is Ansible Vault?

Ansible may need access to sensitive data such as passwords or API keys in order to configure managed hosts. Normally, this information might be stored as plain text in inventory variables or other Ansible files. Ansible Vault, which is included with Ansible, can be used to encrypt and decrypt any structured data file used by Ansible.

How to Manage Sensitive Data in an Ansible Playbook?

  • First, create the Ansible secret playbook using the ansible-vault create command
          # ansible-vault create webserver.yaml
  • You will be prompted for a password for the playbook



  • Once you enter the password, it opens the YAML playbook file. Fill in the required content and save it
  • To test the playbook, try to open the YAML file using the cat command; you will see the data in encrypted format, as follows



  • To edit the playbook, use the ansible-vault edit option as follows

    # ansible-vault edit webserver1.yaml

    It prompts for the ansible-vault password that we set during file creation




  • To run the playbook, use the --ask-vault-pass option so that it runs with the vault password
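
The cat check in the steps above can be automated. The following is an added example, not code from the original post: it tests whether files begin with the `$ANSIBLE_VAULT` header line followed by a hex payload, and lists any that are still plain text. The file names other than webserver.yaml, the `prod` label and the sample contents are constructed for illustration.

```python
import tempfile
from pathlib import Path

MAGIC = "$ANSIBLE_VAULT"  # first field of the header line in a vault-encrypted file

def parse_vault_header(text):
    """Return version, cipher and vault-id label for vault-encrypted text, else None."""
    lines = text.splitlines()
    if len(lines) < 2:
        return None
    fields = lines[0].strip().split(";")
    # Format 1.1 header: magic;version;cipher. Format 1.2 appends a vault-id label.
    if fields[0] != MAGIC or len(fields) not in (3, 4):
        return None
    body = "".join(line.strip() for line in lines[1:])
    try:
        bytes.fromhex(body)  # the payload is hex text; anything else is not a vault body
    except ValueError:
        return None
    if not body:
        return None
    return {"version": fields[1], "cipher": fields[2],
            "vault_id": fields[3] if len(fields) == 4 else None}

def unencrypted_files(paths):
    """Return the sorted names of the files that are NOT vault-encrypted."""
    bad = []
    for path in paths:
        text = Path(path).read_text(encoding="utf-8", errors="replace")
        if parse_vault_header(text) is None:
            bad.append(Path(path).name)
    return sorted(bad)

def demo():
    """Write constructed sample files to a temp directory and audit them."""
    fake_hex = "36613862" * 10  # constructed filler, not real ciphertext
    samples = {
        "webserver.yaml": f"{MAGIC};1.1;AES256\n{fake_hex}\n{fake_hex}\n",
        "db.yaml": f"{MAGIC};1.2;AES256;prod\n{fake_hex}\n",
        "plain.yaml": "db_password: example-only\n",            # never encrypted
        "truncated.yaml": f"{MAGIC};1.1;AES256\nnot-hex-data\n",  # header but bad body
    }
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for name, content in samples.items():
            target = Path(tmp) / name
            target.write_text(content, encoding="utf-8")
            paths.append(target)
        return unencrypted_files(paths)

if __name__ == "__main__":
    print("not vault-encrypted:", demo())
```

Run against the secret files in a repository before committing, a non-empty result means at least one file would be stored in plain text.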

