dev-resources.site
for different kinds of informations.
Ansible Vault Quick Start
Published at
12/28/2020
Categories
ansible
encrypt
devops
cloudopz
Author
vumdao
Author
6 person written this
vumdao
open
Ansible Vault encrypts variables and files so you can protect sensitive content such as passwords or keys rather than leaving it visible as plaintext in playbooks or roles.
5 steps or less to quick start with ansible vault
1. Create password stored file to hold the master key
~: cat passwd_file
pLECtontABre
2. Generate encrypted password and data conent
- Password for ssh-login
$ ansible-vault encrypt_string --vault-id vagrant@passwd_file 'rootroot' --name vagrant
vagrant: !vault |
$ANSIBLE_VAULT;1.2;AES256;vagrant
33383365353665376338326665343364373334633265633438366263336638393937366661333430
6662656233333563333461333962376539353634643563630a386335666632656435363863366339
39623635363930373264636234653632616536343064313134623535653833353737313236313064
6335323136366438640a373131373764393337303734386631303133336234343638623233356430
3135
Encryption successful
- Data encrypt
⚡ $ ansible-vault encrypt_string --vault-id dev@passwd_file 'my_credential_data' --name 'my_data_encrypted'
my_data_encrypted: !vault |
$ANSIBLE_VAULT;1.2;AES256;dev
65653537303030393632656639333262346565383266643734353865356163363538613736316465
3734303334396561626538386466356461643035373166360a383735343735663234653736626565
63363436626135373366633034353762623366333664633964666463373765396335373737313035
3062393261613966360a373533326637323832633330303230383036636435383165376230656133
31366231326330336137633035623763396533313735636531623438386632376536
Encryption successful
- Update the encrypted things to
var.yaml
vagrant: !vault |
$ANSIBLE_VAULT;1.2;AES256;vagrant
33383365353665376338326665343364373334633265633438366263336638393937366661333430
6662656233333563333461333962376539353634643563630a386335666632656435363863366339
39623635363930373264636234653632616536343064313134623535653833353737313236313064
6335323136366438640a373131373764393337303734386631303133336234343638623233356430
3135
my_data_encrypted: !vault |
$ANSIBLE_VAULT;1.2;AES256;dev
65653537303030393632656639333262346565383266643734353865356163363538613736316465
3734303334396561626538386466356461643035373166360a383735343735663234653736626565
63363436626135373366633034353762623366333664633964666463373765396335373737313035
3062393261613966360a373533326637323832633330303230383036636435383165376230656133
31366231326330336137633035623763396533313735636531623438386632376536
3. Create ansible task to test decryption
-
test.yml: Variablemy_data_encryptedas encrypted value
⚡ $ cat test.yml
---
- hosts: all
become: true
vars_files:
- var.yaml
tasks:
- name: ansible vault test
debug:
msg: "{{ my_data_encrypted }}"
-
inventory: variablevagrantas the encrypted value
⚡ $ cat inventory
[ubuntu]
192.168.121.21
[all:vars]
ansible_connection=ssh
ansible_user=vagrant
ansible_ssh_pass={{ vagrant }}
4. Run ansible-playbook
⚡ $ ansible-playbook test.yml --vault-id dev@passwd_file -i inventory -e @var.yaml
ok: [192.168.121.107]
___________________________
< TASK [ansible vault test] >
---------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
ok: [192.168.121.107] => {
"msg": "my_credential_data"
}
____________
< PLAY RECAP >
------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
192.168.121.107 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Mirror:
Read More
- Monitoror - Gitlab
- SQLPad - Quick Start With Docker
- Online-CV With Google-Cloud Run
- Gitlab Ancestor Check Branches
- HAProxy With Resolvers In Case Of AWS Application LoadBalancer
- How To Set HTTP-Request Header In Haproxy
- How To Block IP Addresses In HAProxy
- How To Drop A Postgres Role/User With privileges
- Create An Ubuntu 20.04 Server Using Vagrant
encrypt Article's
25 articles in total
Encrypt/Decrypt Data between Python 3 and JavaScript (AES algorithm)
read article
HideIPVPN: Unblock, Encrypt, & Explore Freely
read article
Encrypt Password Laravel
read article
Introduction to the Principles of JavaScript Encryption and JavaScript Obfuscation
read article
What is the secure way to store environment variables?
read article
Java 01 - Jasypt: Protegendo dados sensíveis com criptografia.
read article
How to encrypt a text using Python (key and text) and decrypt that cipher in JavaScript using the same key.
read article
Differences Between HTTP and HTTPS?
read article
Managing and sharing secrets in a Git repository with Keybase
read article
How To Encrypt And Decrypt String In Laravel 9
read article
PGP - Create a Public/Private Key Pair(Part 2)
read article
PGP - Introduction Encryption and Decryption (Part 1)
read article
🔐How to encrypt variables in NodeJS
read article
Java - How to Encrypt or Decrypt PDF Documents
read article
backup the .env files to git/gist/dropbox in old school way!
read article
Protect Python Source Code
read article
Python Encrypt Source Code Online
read article
Top 15 Modules 2022: Encrypt and Decrypt String Python
read article
Email Encryption: What it is, How Does It Work, and How to Encrypt an Email
read article
Add Https to Azure Web App with Let's Encrypt
read article
Ansible Vault Quick Start
currently reading
Nginx configures free SSL certificate in Windows environment (Let’s Encrypt)
read article
Encrypt/ Decrypt PDF Files in Java Application
read article
How to use GnuPG for encrypting files on MacOS
read article
Protect presentation slides in Java
read article
Featured ones: