The `ansible-vault` command is used to encrypt and decrypt files. For example:

```
$ ansible-vault create myencryptedfile.yml
New Vault password: password
Confirm New Vault password: password
```
| Command | Description |
|---|---|
| `$ ansible-vault create <file>` | To create an encrypted file |
| `$ ansible-vault view <file>` | To view the content of the file |
| `$ ansible-vault edit <file>` | To edit the content of the file |
| `$ ansible-vault rekey <file>` | To change the encryption password |
| `$ ansible-vault decrypt <file> --output=<new-file>` | To decrypt a file |
| `$ ansible-vault encrypt <file> --output=<encrypted-file>` | To encrypt a file |
See more about it in the Ansible docs.
How to use the vault/encrypted data in the playbooks?
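The following example shows a playbook that uses the encrypted file. The variables file holds the employee data and is the file encrypted with `ansible-vault`:

```yaml
# vars/employees.yml (contents before encryption)
employees:
  - user: allan
    pwd: user1
  - user: camila
    pwd: user2
```

The playbook loads it through `vars_files`:

```yaml
---
- name: Example with vault files
  hosts: all
  vars_files:
    - vars/employees.yml  # Here is the encrypted data
  tasks:
    - name: Creating users for each employee defined
      user:
        name: "{{ item.user }}"
        # The user module expects a hashed password, so hash the vaulted value
        password: "{{ item.pwd | password_hash('sha512') }}"
      with_items: "{{ employees }}"
```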
See more about it here.
The following command uses the `--ask-vault-pass` parameter, which prompts for the vault password of the file used in the playbook.

```
$ ansible-playbook --ask-vault-pass playbook.yml
```
See more about it here.
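Because the playbook above relies on `vars/employees.yml` being encrypted, it is worth checking that the file really is a vault envelope before it is committed. The following is an added example, not code from the original page or from the Ansible project: the function name `check_vault_file` and the sample data are assumptions, and the check only validates the on-disk format (header line plus hex-encoded salt, HMAC and ciphertext) without decrypting anything.

```python
import binascii
import re

# First line of a vault file: $ANSIBLE_VAULT;<version>;<cipher>[;<vault-id label>]
HEADER_RE = re.compile(r"^\$ANSIBLE_VAULT;(1\.[12]);(AES256)(?:;(\S+))?$")


def check_vault_file(text):
    """Return (ok, reason) for the text of a vars file meant to be vault-encrypted."""
    lines = text.strip().splitlines()
    if not lines:
        return False, "empty file"
    m = HEADER_RE.match(lines[0].strip())
    if not m:
        return False, "no vault header: file looks like plaintext"
    version = m.group(1)
    body = "".join(line.strip() for line in lines[1:])
    try:
        inner = binascii.unhexlify(body)
        # Inner payload is three hex strings: salt, HMAC, ciphertext
        _salt, mac, ciphertext = (binascii.unhexlify(p) for p in inner.split(b"\n"))
    except ValueError:  # binascii.Error is a ValueError subclass
        return False, "payload is not a valid vault envelope"
    if len(mac) != 32 or not ciphertext:  # HMAC-SHA256 digest is 32 bytes
        return False, "unexpected HMAC or ciphertext size"
    return True, "vault %s envelope, %d ciphertext bytes" % (version, len(ciphertext))


def constructed_sample():
    """Build a constructed envelope from dummy bytes (not real ciphertext)."""
    parts = [b"\x01" * 32, b"\x02" * 32, b"\x03" * 48]
    inner = b"\n".join(binascii.hexlify(p) for p in parts)
    body = binascii.hexlify(inner).decode()
    wrapped = "\n".join(body[i:i + 80] for i in range(0, len(body), 80))
    return "$ANSIBLE_VAULT;1.1;AES256\n" + wrapped + "\n"


# Constructed plaintext in the shape of the employees file from this page
PLAINTEXT = "employees:\n  - user: allan\n    pwd: user1\n"

if __name__ == "__main__":
    print(check_vault_file(constructed_sample()))
    print(check_vault_file(PLAINTEXT))
```

Run from a pre-commit hook over the files listed under `vars_files`, a `False` result means the file would be committed in cleartext or with a damaged payload.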