Ansible Vault Tutorial

Ansible Vault Tutorial

Ansible Vault is a feature that allows you to keep all your secrets safe and you can encrypt the secret files. Ansible Vault is primarily useful when you want to store confidential data. To encrypt your secret files in ansible we use a utility called ansible-vault.

Ansible Vault Tutorial

Creating New Encrypted Files

To create a new encrypted file with ansible Vault, use ansible-vault create command. it will ask you vault password two times, enter the password two times, this password we will use in the future to run the playbooks so remember this vault password and after entering vault password two times you will enter into vi(vim) editor of that file, you can write in that file and save it.

ansible-vault  	create   abc.yaml

here it will create a new encrypted file.

Encrypting Existing Files

to encrypt the existing files we can use ansible-vault encrypt command. it will ask you vault password two times enter it. that's it in this way we can encrypt existed files.

ansible-vault encrypt abc.yaml

Display(view) the content of encrypted files

to display or to view the content of encrypted files we can use ansible-vault view command. we can not cat or vi of any encrypted file since if you use these commands to see the content it will show you some encrypted code. So to view the data or content of encrypted files we use ansible-vault view command.

ansible-vault view abc.yml

it will ask you the vault password, enter the password and then you can see the content of the file

Editing Encrypted Files

if you want to add extra data or remove the data from the encrypted file, we can not directly edit or vi(vim) of the encrypted file. for this, we use the ansible-vault edit command. using this command we can edit the encrypted files.

ansible-vault edit abc.yml

it will ask you ansible vault password, enter the password, after enting the password file will be opened in vi(vim)editor, edit the file and save it.

Decrypt the Encrypted Files

to remove encryption from the encrypted files, we use ansible-vault decrypt command.

ansible-vault decrypt abc.yml

it will ask you vault password, enter the password, encryption will be removed from the file or file will be decrypted.

Changing the Password of Encrypted Files

to change the vault password of encrypted files we use ansible-vault rekey command.

ansible-vault rekey abc.yml

When you enter the command, you will first be prompted with the file's current password. After entering it, you will be asked to select and confirm a new vault password. enter the new vault password, that's it in this way we can change the vault password of an encrypted file.

Run the Encrypted Playbook

first method

to run any playbook in ansible we use ansible-playbook command here also we use the same command to run the playbook, but we have to pass one new extra argument when you are running encrypted file and that is --ask-vault-pass.

ansible-playbook abc.yml --ask-vault-pass

it will ask you vault password enter it, that's it in this way you can run the encrypted playbook

Second method

sometimes Password prompts can get annoying. to avoid this, we can one ansible feature called “password file” which references to a file containing the password. You can then just pass this password file during runtime

ansible-playbook abc.yml --vault-password-file /path/to/vault_password.txt

in this way, you can avoid password prompting or typing.

Leave a Reply

Your email address will not be published. Required fields are marked *