CentrioHost Blog

Stories and News from IT Industry, Reviews & Tips | Technology Blog


Ansible Vault

Ansible Vault can encrypt anything inside of a YAML file, using a password of your choice which secures your sensible data such as passwords or keys. Ansible vault is mainly used for encrypting variable files and it can encrypt any YAML file.

Most common files to encrypt are:

  • A role’s defaults/main.yml file
  • A role’s vars/main.yml file
  • Files within the group_vars directory
  • Any other file used to store variables.

Creating Encrypted Files.

To create a new encrypted data file using ansible,

[root@ansible vault]# ansible-vault create sample.yml
New Vault password: 
Confirm New Vault password: 
[root@ansible vault]#

The ansible-vault command will ask you for a new password twice.

Encrypted files look like below code,

[root@ansible vault]# cat sample.yml
$ANSIBLE_VAULT;1.1;AES256
34633862393363633630643337343263393762313531386263653935623139303839666362313961
3233356336343366383766363563303035386233393833390a393733303062653830373562396233
65633663346662336462333838333262333836396631373064636636306230623132353163383330
3165333737636363660a386438306662643135643937643264636461633035656231336435393565
30343832393839666532353835646139353565326363626332616132613538353566323838643737
3833303431656239303564633164323766393266383530663332
[root@ansible vault]#

Encrypting an Existing File.

Using ansible-vault, we can ecrypt an existing file.

[root@ansible vault]# ansible-vault encrypt test.yml
New Vault password: 
Confirm New Vault password: 
Encryption successful
[root@ansible vault]#

Editing an encrypted file.

Once you have encrypted a file then the only way to edit the same file is by using code,

[root@ansible vault]# ansible-vault edit test.yml 
Vault password: 
[root@ansible vault]# 

Decrypting a File

You can decrypt an encrypted file for getting back the plain text format as well:

[root@ansible vault]# ansible-vault decrypt test.yml 
Vault password: 
Decryption successful
[root@ansible vault]# 

Encrypting Variables specifically.

Opening an encrypted file will change the encrypted hash. Since you dont have to encrypt a whole file.openticket

[root@ansible vault]# ansible-vault encrypt_string 'sample plaintext string' --name 'new_string'
New Vault password: 
Confirm New Vault password: 
new_string: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          34373730663434346533623339666164623866393563383930363935626661333137303963356230
          6436636563303736353139333631356532623366373934310a383038643130646332366136646439
          65366565316238363631623436643536306533393165346133393738623235356663613134313530
          6234343139656166640a663435636137333465303938616233343162303263663537313263663034
          31373661313763653734633164356631313166323139646338363338636139363237
Encryption successful
[root@ansible vault]#

You can paste the output or append into an existing YAML file for use this string

Running Ansible with Encrypted Variables.

At the time when your playbooks reference encrypted variables, then you may need to specify to Ansible the password.

[root@ansible vault]# ansible-playbook --ask-vault-pass -i inventory_file test.yml 
Vault password: 

–ask-vault-pass will instruct Ansible to ask vault password .

Also you can do store vault password on file and instruct to Ansible via code

[root@ansible vault]# cat > vault_password
Enter_password
Save and exit
Then run the below command,
[root@ansible vault]# ansible-vault --vault-password-file=vault_password test.yml

Subscribe Now

10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!

Archive Calendar

SatSunMonTueWedThuFri
 1
2345678
9101112131415
16171819202122
23242526272829
30 

Over 20000 Satisfied Customers!

  • web hosting reviewer
    Valerie Quinn
    CTO, Acteon Group

    Centriohost staff were fantastic, I had a concern with a domain and they got back to me very quickly and they helped me to resolve the issue! ~ . . . Read more

  • Joomla hosting reviewer
    Collin Bryan
    Photographer, Allister Freeman

    I'm using centrio for my portfolio since 2006. The transition was seamless, the support was immediate, and everything works perfectly. ~ . . . Read more

  • dedicated server reviewer
    Harry Collett
    Actor, A&J Artists

    Very easy to understand & use even though I am not very technologically minded. No complications whatsoever & I wouldn't hesitate to recommend it to all. ~ . . . Read more

  • vps web hosting reviewer
    Porfirio Santos
    Technician, Diageo PLC

    Centrio support team have been amazingly responsive and helpful to any of my queries, thank you so much to the Centriohost have been amazingly responsive and helpful to any of my queries 👍👍👍 ~ . . . Read more

  • wordpress hosting plans reviewer
    Catherine Auer
    Doctor, SmartClinics

    Anytime I've had a problem I can't solve, I've found Centriohost to be diligent and persistent. They simply won't let an issue go until the client is happy. ~ . . . Read more

  • reseller hosting reviewer
    Effectivo Social
    Freelancer, Fiverr

    Recommend their shared hosting for all my SME web design clients. Their cloud or VME offerings are too great to deal with. Pricing is perfect and suitable for all users (͠≖ ͜ʖ͠≖) 👌 ~ . . . Read more

Top