Secure Secrets with Ansible Vault: Use Encrypted Files
Secure secrets by encrypting files using Ansible Vault.
There is a secret we have been using: the password of the Ansible user, which is stored in cleartext. Having it stored in cleartext isn't good, but having it stored within a Git repository is even worse. Luckily, Ansible has a solution.
Ansible Vault
Ansible Vault is a feature that allows you to encrypt files or strings to store sensitive data such as passwords and keys. These encrypted values are safe to store in source control. They are decrypted at run time by passing one of the following options to the Ansible commands:
--ask-vault-pass
--vault-password-file
--vault-id
Using encrypted files
Ansible Vault can encrypt entire files, so you can create an encrypted file that stores the variables.
You will encrypt the linux.yml and windows.yml group variable files.
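As an added example (not part of the original lesson), the following Python check confirms that a variable file carries the header and hex payload that ansible-vault writes, so it can be run before the file is committed to Git. The sample file contents, the ansible_password value and the function names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# First line that ansible-vault writes to an encrypted file:
#   $ANSIBLE_VAULT;1.1;AES256            (no vault ID label)
#   $ANSIBLE_VAULT;1.2;AES256;<label>    (encrypted with --vault-id <label>@...)
HEADER = re.compile(r"^\$ANSIBLE_VAULT;1\.[12];AES256(?:;(\S+))?$")


def vault_status(path):
    """Classify one file as ('encrypted', label_or_None), ('cleartext', None),
    or ('malformed', None) when the header is there but the payload is not hex."""
    lines = Path(path).read_text(encoding="utf-8", errors="replace").splitlines()
    m = HEADER.match(lines[0].strip()) if lines else None
    if not m:
        return ("cleartext", None)
    # Everything after the header is hex text wrapped over several lines.
    body = "".join(line.strip() for line in lines[1:])
    if not re.fullmatch(r"[0-9a-fA-F]+", body):
        return ("malformed", None)
    return ("encrypted", m.group(1))


def not_safe_to_commit(paths):
    """Return the paths that are not whole-file vault-encrypted."""
    return [str(p) for p in paths if vault_status(p)[0] != "encrypted"]


def demo():
    """Constructed sample: linux.yml is vaulted, windows.yml is still cleartext."""
    with tempfile.TemporaryDirectory() as d:
        linux, windows = Path(d, "linux.yml"), Path(d, "windows.yml")
        # Constructed payload: hex filler, not real ciphertext.
        linux.write_text(
            "$ANSIBLE_VAULT;1.1;AES256\n" + "3061" * 20 + "\n" + "6238" * 8 + "\n"
        )
        windows.write_text("---\nansible_password: example-not-a-real-secret\n")
        return [Path(p).name for p in not_safe_to_commit([linux, windows])]


if __name__ == "__main__":
    print("not encrypted:", demo())
```

The check only inspects the file envelope; it does not prove the payload decrypts with your vault password.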
- Encrypt the linux.yml variable file; when prompted, enter the decrypt password. Use the following command,