Tutorial by Examples

Encrypting sensitive structured data

First, create a key file, e.g., vault_pass_file, which ideally contains a long sequence of random characters. In linux systems you could use pwgen to create a random password file: pwgen 256 1 > vault_pass_file Then, use this file to encrypt sensitive data, e.g., groups_vars/group.yml: ANSI...

Using lookup pipes to decrypt non-structured vault-encrypted data

With Vault you can also encrypt non-structured data, such as private key files and still be able to decrypt them in your play with the lookup module. --- - name: Copy private key to destination copy: dest=/home/user/.ssh/id_rsa mode=0600 content=lookup('pipe', 'ANSIBLE_VAULT_PA...

Using local_action to decrypt vault-encrypted templates

You can run a play which relies on vault-encrypted templates by using the local_action module. --- - name: Decrypt template local_action: "shell {{ view_encrypted_file_cmd }} {{ role_path }}/templates/template.enc > {{ role_path }}/templates/template" changed_when: False - ...

Page 1 of 1

logo rip
SUPPORT & PARTNERS
STAY CONNECTED

Get monthly updates about new articles, cheatsheets, and tricks.