Ansible Vault lets users encrypt sensitive data stored in Ansible files, using a password provided at encryption time. Variable files, inventory files, templates, tasks and playbooks can all be encrypted. The password is supplied either through a vault password file or via stdin. Decryption requires the vault password file or entering the password at the prompt. The files most commonly encrypted are variable files containing passwords, private keys or other secrets.
2. About me
Works for Red Hat in global learning services team
Contributor to Fedora, Ezhil language foundation
IRC - buvanesh_kumar
Twitter - sbuvaneshkumar
4. What is Ansible Vault
Encrypt sensitive data
Comes as a part of Ansible
Allows us to safely store encrypted values
5. How to encrypt and decrypt?
Encryption:
Two ways:
Vault password file - $ ansible-vault create --vault-password-file=<vault-pass-file> <playbook>
Passing the password via STDIN - $ ansible-vault create <playbook>
During execution:
$ ansible-playbook <playbook> --ask-vault-pass
$ ansible-playbook --vault-password-file=<vault-pass-file> <playbook>
Decryption:
$ ansible-vault decrypt <playbook> --ask-vault-pass
$ ansible-vault decrypt <playbook> --vault-password-file=<vault-pass-file>
6. What can I encrypt?
- Variable files
- Inventory files
- Templates
- Tasks
- Playbooks
- And almost anything ;)
Best practice: Only encrypt sensitive information
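A check that goes with the best practice above, as an added example that is not part of the original slides: it confirms that the files meant to hold secrets really are vault-encrypted before they are committed. It assumes whole-file encryption, where the first line is the `$ANSIBLE_VAULT;<version>;<cipher>` header; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag secret files that were left in plaintext.
# Assumption: whole-file encryption, where ansible-vault writes a first line
# of the form  $ANSIBLE_VAULT;<format-version>;<cipher>[;<vault-id>]

# Return 0 if the file starts with a vault header, 1 if not, 2 if unreadable.
is_vault_encrypted() {
    [ -r "$1" ] || return 2
    # read fails on an empty file or a last line without a newline;
    # only the empty case counts as "no header".
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in
        '$ANSIBLE_VAULT;'[0-9]*';'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print each argument that is not vault-encrypted (missing files included).
# Return 1 if any were found, so it can gate a pre-commit hook or CI step.
find_plaintext_secrets() {
    found=0
    for f in "$@"; do
        if ! is_vault_encrypted "$f"; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# Demo on constructed files (placeholder content, not real ciphertext).
demo_dir=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '6162636465660a' > "$demo_dir/secrets.yml"
printf 'db_password: example\n' > "$demo_dir/vars.yml"
find_plaintext_secrets "$demo_dir/secrets.yml" "$demo_dir/vars.yml" \
    || echo "^ run ansible-vault encrypt on the files listed above"
rm -rf "$demo_dir"
```

The check only inspects the header line, so it does not cover individual encrypted values embedded inside an otherwise plaintext file.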