Ansible Vault is a feature that allows keeping secrete data like Server Password & private key in encrypted files, rather than as plain-text in playbooks or roles.
Encrypting an existing playbook file
So In this example we are going to see how we can encrypt plain-text formatted playbook So that sensitive data can be encrypted using password for decryption.
This will prompt you for password twice. Once it is done your playbook file will be encrypted.
[root@tecgeek ~]# ansible-vault encrypt /home/siddhesh/baseline/defaults/main.yml
> New Vault password: ********
> Confirm New Vault password: ********
> Encryption successful
[root@tecgeek ~]#
If you try to open this file in directly in any editor, then you can see something like this....
[root@tecgeek ~]# vim /home/siddhesh/baseline/defaults/main.yml
$ANSIBLE_VAULT;1.1;AES256
653121333336373166363164613430656333232366533386464333438383734373734322134464616339
3333383233373465353131323237632323263361316431380a643336643862663739623631616530
3535636162643465306631666137386332362396162646365343166646231653165303431636139
62303615664363138340a356631633930323032653466626531383261613539633365366631623238
32396635353866633135363231346664303730353230623439633666386662346432363164393438
3365366623530643262524233373337383934316335303862313838383966623134646230346330303136
6633323236306230383733353355313038623832316562363234622339383538343437663437373730
35666532335094439
[root@tecgeek ~]#
Creating an encrypted new playbook file
To create a new encrypted file you can use the create command.
[root@tecgeek ~]# ansible-vault create /home/siddhesh/baseline/defaults/tecgeek.yml
> New Vault password: ********
> Confirm New Vault password: ********
[root@tecgeek ~]#
Editing already encrypted playbook file
To edit already encrypted playbook file you can use the edit command.
[root@tecgeek ~]# ansible-vault edit /home/siddhesh/baseline/defaults/tecgeek.yml
> Vault password: ********
[root@tecgeek ~]#
Decrypting an encrypted playbook file.
You can decrypt a file to get it back to plaintext using decrypt command.
[root@tecgeek ~]# ansible-vault decrypt /home/siddhesh/baseline/defaults/tecgeek.yml
> Vault password: ********
[root@tecgeek ~]#
Commentaires