Chapter #8: Encrypting Content With Ansible Vault
This is the eighth chapter of the RHCE Ansible EX 294 exam preparation series. In this tutorial, you'll learn about securing sensitive information with Ansible Vault. The chapter will be available to non-members after a week.
There are many situations where you would want to use sensitive information in Ansible. For instance, you may want to set a user's password, transfer certificates or keys, etc.
In this tutorial, you will learn to:
- Use Ansible Vault to protect and deal with sensitive information.
- Create, view, and edit vault encrypted files.
- Decrypt vault encrypted files and change the password of a vault encrypted file.
Furthermore, you will learn how to use encrypted variables and files in your playbooks.
This is the 8th chapter of the RHCE Ansible tutorial series. The series teaches you Ansible with hands-on examples so that you learn by doing. If this is your first time here, you should refer to the other chapters in this series.
Creating encrypted files
To create a new encrypted file, you can use the ansible-vault create command. To demonstrate, let's create a new encrypted file named secret.txt:
[elliot@control plays]$ ansible-vault create secret.txt
New Vault password:
Confirm New Vault password:
It will first prompt you for a vault password, which you will need whenever you want to open the file later. After you enter the password, it will open the file in your default editor, so you can go ahead and insert the following line:
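Once ansible-vault create has saved a file, it is worth confirming that what sits on disk is ciphertext before the file is committed or shared. The following is an added example, not part of the original tutorial: a shell check for the vault header line and hex-encoded body. The function names, the temporary directory and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# A vault file starts with a header line such as
#   $ANSIBLE_VAULT;1.1;AES256
# (format 1.2 appends ";<vault-id label>"), followed by hex-encoded lines.
is_vault_encrypted() {
    file=$1
    [ -f "$file" ] || return 1
    header=$(head -n 1 "$file")
    case $header in
        '$ANSIBLE_VAULT;1.1;AES256') ;;
        '$ANSIBLE_VAULT;1.2;AES256;'?*) ;;
        *) return 1 ;;          # plaintext, or an unknown format/cipher
    esac
    body=$(tail -n +2 "$file")
    [ -n "$body" ] || return 1  # header only: no ciphertext present
    # Any non-hex character in the body means the file was hand-edited
    # or has plaintext appended after the header.
    if printf '%s\n' "$body" | LC_ALL=C grep -q '[^0-9a-fA-F]'; then
        return 1
    fi
    return 0
}

# Print every regular file in directory $1 that is NOT vault-encrypted.
# Returns 1 if any such file was found, so it can gate a commit or CI job.
list_plaintext() {
    found=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if ! is_vault_encrypted "$f"; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample data (not real ciphertext) so the check runs offline.
demo_dir=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '3061626364656630' \
    '6162636465663031' > "$demo_dir/secret.txt"
printf '%s\n' 'db_password: hunter2' > "$demo_dir/plain.yml"
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' 'db_password: hunter2' \
    > "$demo_dir/edited.txt"

list_plaintext "$demo_dir" || echo "the files listed above are not encrypted"
```

This check only inspects the file format; it does not prove the file decrypts with a given vault password.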