Ansible Vault

Ansible Vault can encrypt anything inside of a YAML file, using a password of your choice which secures your sensible data such as passwords or keys. Ansible vault is mainly used for encrypting variable files and it can encrypt any YAML file.

Most common files to encrypt are:

  • A role’s defaults/main.yml file
  • A role’s vars/main.yml file
  • Files within the group_vars directory
  • Any other file used to store variables.

Creating Encrypted Files.

To create a new encrypted data file using ansible,

[root@ansible vault]# ansible-vault create sample.yml
New Vault password: 
Confirm New Vault password: 
[root@ansible vault]#

The ansible-vault command will ask you for a new password twice.

Encrypted files look like below code,

[root@ansible vault]# cat sample.yml
$ANSIBLE_VAULT;1.1;AES256
34633862393363633630643337343263393762313531386263653935623139303839666362313961
3233356336343366383766363563303035386233393833390a393733303062653830373562396233
65633663346662336462333838333262333836396631373064636636306230623132353163383330
3165333737636363660a386438306662643135643937643264636461633035656231336435393565
30343832393839666532353835646139353565326363626332616132613538353566323838643737
3833303431656239303564633164323766393266383530663332
[root@ansible vault]#

Encrypting an Existing File.

Using ansible-vault, we can ecrypt an existing file.

[root@ansible vault]# ansible-vault encrypt test.yml
New Vault password: 
Confirm New Vault password: 
Encryption successful
[root@ansible vault]#

Editing an encrypted file.

Once you have encrypted a file then the only way to edit the same file is by using code,

[root@ansible vault]# ansible-vault edit test.yml 
Vault password: 
[root@ansible vault]#

Decrypting a File

You can decrypt an encrypted file for getting back the plain text format as well:

[root@ansible vault]# ansible-vault decrypt test.yml 
Vault password: 
Decryption successful
[root@ansible vault]#

Encrypting Variables specifically.

Opening an encrypted file will change the encrypted hash. Since you dont have to encrypt a whole file.openticket

[root@ansible vault]# ansible-vault encrypt_string 'sample plaintext string' --name 'new_string'
New Vault password: 
Confirm New Vault password: 
new_string: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          34373730663434346533623339666164623866393563383930363935626661333137303963356230
          6436636563303736353139333631356532623366373934310a383038643130646332366136646439
          65366565316238363631623436643536306533393165346133393738623235356663613134313530
          6234343139656166640a663435636137333465303938616233343162303263663537313263663034
          31373661313763653734633164356631313166323139646338363338636139363237
Encryption successful
[root@ansible vault]#

You can paste the output or append into an existing YAML file for use this string

Running Ansible with Encrypted Variables.

At the time when your playbooks reference encrypted variables, then you may need to specify to Ansible the password.

[root@ansible vault]# ansible-playbook --ask-vault-pass -i inventory_file test.yml 
Vault password:

–ask-vault-pass will instruct Ansible to ask vault password .

Also you can do store vault password on file and instruct to Ansible via code

[root@ansible vault]# cat > vault_password
Enter_password
Save and exit
Then run the below command,
[root@ansible vault]# ansible-vault --vault-password-file=vault_password test.yml

Categories

Subscribe Now

10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!

Archive Calendar

Sat Sun Mon Tue Wed Thu Fri
 1234
567891011
12131415161718
19202122232425
262728293031  

Recent Articles

Tags

Over 20000 Satisfied Customers!

From 24/7 support that acts as your extended team to incredibly fast website performance

Zelt staff were fantastic, I had a concern with a domain and they got back to me very quickly and they helped me to resolve the issue!

author
Technician, Diageo PLC

I'm using Zelt for my portfolio since 2006. The transition was seamless, the support was immediate, and everything works perfectly.

author
Photographer, Allister Freeman

Very easy to understand & use even though I am not very technologically minded. No complications whatsoever & I wouldn't hesitate to recommend it to all.

author
Actor, A&J Artists

Zelt support team have been amazingly responsive and helpful to any of my queries, thank you so much to the Zelt have been amazingly responsive and helpful to any of my queries 👍👍👍

author
Technician, Diageo PLC

Anytime I've had a problem I can't solve, I've found Zelt to be diligent and persistent. They simply won't let an issue go until the client is happy.

author
Doctor, SmartClinics

Zelt support team have been amazingly responsive and helpful to any of my queries, thank you so much to the Zelt have been amazingly responsive and helpful to any of my queries 👍👍👍

author
Freelancer, Fiverr

24/7 World-Class Support

Ran into trouble? Contact our Customer Success team any time via live chat or email.

  • Receive professional WordPress support
  • Our specialists are available round
Get Support

At Zelt Technologies Limited, we aim at fulfilling all the business needs with perfectly crafted hosting plans and endless customer service

Payment Method
  • svg
  • svg
  • svg
  • svg
  • svg
Hosting Services
Reseller Services
Bare Metal Series

ZELT.AE is a © Label of Zelt Technologies Ltd, UAE - All Rights ® Reserved