What is Ansible Vault?
Pre-requisite: Ansible
Ansible is a configuration management, deployment, and orchestration tool. It is open source and improves productivity across a wide range of automation challenges. It is compatible with every operating system, and with host servers or the cloud. Ansible is accessible to everyone; anyone can use this tool at any time. Ansible is lightweight, and it is secure due to its agentless capabilities. Ansible is a push-based tool.

Ansible-Vault
Ansible allows encrypting sensitive data, such as keys and passwords, in encrypted files; the sensitive data is converted back into plaintext as required. When a user encrypts a sensitive file using Ansible Vault, no one can see the data: if someone tries to access the file, it shows only the ciphertext, which is not in a human-readable format.
Working with Ansible Vault
Create a New Encrypted Playbook
Playbook: a YAML file in which we write the code, in YAML format, that manages the configuration.
# ansible-vault create playbook.yml

Now you can add your sensitive data or content and then save it with your unique key; Ansible Vault will ask for the same key when you access the encrypted file. To access the playbook you must first enter the key or password; otherwise you will only be able to see the ciphertext. Converting ciphertext into plaintext is not an easy task.
Access the YAML file without a password
# vi playbook.yml

Now you can see that the content is visible only as ciphertext.
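The ciphertext shown when the file is opened in an editor has a fixed layout: a `$ANSIBLE_VAULT` header line followed by hex text. The following is an added example, not part of the original article, that parses that envelope so a script can confirm a file really is vault-encrypted before it is shared or committed. It assumes the vault format 1.1/1.2 layout described in the Ansible documentation; `parse_vault`, `VaultEnvelope` and `build_sample` are hypothetical names, and the sample file is constructed from dummy bytes.

```python
import binascii
from dataclasses import dataclass
from typing import Optional


@dataclass
class VaultEnvelope:
    version: str
    cipher: str
    vault_id: Optional[str]
    salt_len: int
    hmac_len: int
    ciphertext_len: int


def parse_vault(text: str) -> VaultEnvelope:
    """Parse a vault file's envelope; raise ValueError if it is not one."""
    lines = text.strip().splitlines()
    fields = lines[0].strip().split(";") if lines else []
    if len(fields) not in (3, 4) or fields[0] != "$ANSIBLE_VAULT":
        raise ValueError("no vault header: content is stored as plaintext")
    version, cipher = fields[1], fields[2]
    vault_id = fields[3] if len(fields) == 4 else None
    if version not in ("1.1", "1.2") or cipher != "AES256":
        raise ValueError(f"unexpected vault format {version}/{cipher}")
    try:
        # The body is hex text wrapped over several lines. Decoding it gives
        # three more hex strings separated by newlines: salt, HMAC, ciphertext.
        inner = binascii.unhexlify("".join(l.strip() for l in lines[1:]))
        salt, mac, ct = (binascii.unhexlify(p) for p in inner.split(b"\n"))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"malformed vault body: {exc}") from exc
    return VaultEnvelope(version, cipher, vault_id, len(salt), len(mac), len(ct))


def build_sample(vault_id: Optional[str] = None) -> str:
    """Constructed envelope holding dummy bytes, not real ciphertext."""
    parts = [bytes(32), bytes(range(32)), bytes(range(48))]
    inner = binascii.hexlify(b"\n".join(binascii.hexlify(p) for p in parts)).decode()
    body = "\n".join(inner[i:i + 80] for i in range(0, len(inner), 80))
    header = f"$ANSIBLE_VAULT;1.2;AES256;{vault_id}" if vault_id else "$ANSIBLE_VAULT;1.1;AES256"
    return f"{header}\n{body}\n"


if __name__ == "__main__":
    print(parse_vault(build_sample("prod")))
    for text in ("db_password: example\n", "$ANSIBLE_VAULT;1.1;AES256\nnot-hex\n"):
        try:
            parse_vault(text)
        except ValueError as err:
            print("rejected:", err)
```

The parser only inspects the envelope; it never needs the vault password, so it can run in a pre-commit hook or CI job without access to any secret.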

How to Decrypt the Encrypted Playbook
# ansible-vault decrypt playbook.yml

Decryption is Successful

Encrypt the Existing Playbook
hello.yml is an existing file
# ansible-vault encrypt hello.yml

Encryption Successful

Change the key or Password for an Existing Encrypted Playbook
# ansible-vault rekey hello.yml


Sometimes we want to change our password or keys for security purposes. Ansible Vault allows us to change them any number of times.