There are many situations where you would want to use sensitive information in Ansible. For instance, you may want to set user’s password, transfer certificates or keys, etc.
In this tutorial, you will learn to:
- Use Ansible Vault to protect and deal with sensitive information.
- Create, view, and edit vault encrypted files.
- Decrypt vault encrypted files and to change the password of a vault encrypted file.
Furthermore, you will learn how to use encrypted variables and files in your playbooks.
This is the 8th chapter of the RHCE Ansible tutorial series. The series teaches you Ansible with hands-on examples so that you learn by doing it. If this is your first time here, you should refer to other chapters in this series.
Creating encrypted files
To create a new encrypted file; you can use the ansible-vault create command. To demonstrate, let’s create a new encrypted file named secret.txt:
[[email protected] plays]$ ansible-vault create secret.txt New Vault password: Confirm New Vault password:
It will first prompt you for a vault password that you can use whenever you want to open the file later afterwards. After you enter the password, it will open the file with your default file editor and so you can go ahead and insert the following line:
Read the full story
The rest of the article is available to LHB Pro members only. You can sign up now for $50 a year to read the rest of this article and get FREE access to all members-only posts, ebooks and video courses.Subscribe