What is Ansible Vault?
Ansible is a configuration management, deployment, and orchestration tool. It is an open source and provides large productivity to a high amount of automation challenges. It is compatible with every operating system and the host server or cloud. Ansible is accessible to everyone; anyone can use this tool anytime. Ansible is lightweight and it is secure due to agentless capabilities. Ansible is a pushed-based tool.
Ansible allows encrypting sensitive data such as keys, and passwords in encrypted files as per the requirement sensitive data convert into plaintext. When the user encrypts his sensitive file using the Ansible-Vault no one can see the data if someone tries to access the files it will show only the cyphertext. It is not in a human-readable format.
Working with Ansible Vault
Create a New Encrypted Playbook
Playbook: It is a YAML file where we write the code in YAML format to manage the configuration
# ansible-vault create playbook.yml
Now you can add your sensitive data or content and then save it with your unique key it will ask for the same key when you access the encrypted file. When you try to access the playbook first required to put key or password then you can access otherwise you only will be able to see the cypher text. It is not an easy task to convert cypher text into plain text.
Access the YAML file without a password
# vi playbook.yaml
Now you can see the text content visible in the cypher text
How to Decrypt the Encrypted Playbook
# ansible-vault decrypt playbook.yml
Decryption is Successful
Encrypt the Existing Playbook book
hello.yml file is an existing file
# ansible-vault encrypt hello.yml
Change the key or Password for an Existing Encrypted Playbook
# ansible-vault rekey hello.yml
Sometimes we want to change our password or keys for security purposes. Ansible vault allows us to change it n number of times.
Please Login to comment...