Ansible terminology - What is an Ansible Vault?
How to store variables and files in an encrypted way using the ansible-vault command line utility.
What is an Ansible Vault?
How to store variables and files in an encrypted way.
I will show you a live Playbook with some simple Ansible code.
I'm Luca Berton, and welcome to today's episode of Ansible Pilot.
Ansible Vault
Ansible Vault encrypts variables and files to protect sensitive content and lets you use them in Playbooks, Roles, and Collections.
Ansible Vault stores variables and files encrypted and lets you use them in Vaults or roles. The cipher used to protect files is AES 256 in recent versions of Ansible.
Links
- https://docs.ansible.com/ansible/latest/user_guide/vault.html
Playbook
I will show you how to encrypt one password using the ansible-vault command line utility.
Let's assume that the password is currently stored in a single Ansible file (YAML) called plain-to-encrypted.yml.
code
- plain-to-encrypted.yml
``yaml
---
password: mysupersecretpassword
`
encryption
I'm going to encrypt the source file using the ansible-vault command:
`
$ ansible-vault encrypt plain-to-encrypted.yml
New Vault password:
Confirm New Vault password:
Encryption successful
`
before
`bash
$ cat plain-to-encrypted.yml
---
password: mysupersecretpassword
`
after
`bash
$ cat plain-to-encrypted.yml
$ANSIBLE_VAULT;1.1;AES256
32303838636131363238666462336132613234323239316136336164343638653532306536306462
3933646539656462396264666232636133663831613463390a653638663934393761616636643638
34383235323539323366616361363664343462616265343333346162303633373333643637323066
3063343037366364300a356434653461316234323830333737656563623030383631663937363931
30393037333863316237393432626539663130343562396461363336383730373533643665653065
3136613764303938393531343635313831313533656665386535
``
Conclusion
Now you know what an Ansible Vault is and how to use it.
You know how to use it based on your use case.