The Ansible Vault
As you can see from the previous section, in most cases, the Ansible variable provides sensitive information, such as a username and password. It would be a good idea to put some security measures around the variables so that we can safeguard against them. The Ansible Vault (https://docs.ansible.com/ansible/2.8/user_guide/vault.html) provides encryption for files so they do not appear in plaintext.
All Ansible Vault functions start with the ansible-vault
command. You can manually create an encrypted file via the create
option. You will be asked to enter a password. If you try to view the file, you will find that the file is not in clear text. If you have downloaded the book example, the password I used was just the word password
:
$ ansible-vault create secret.yml
Vault password: <password>
$ cat secret.yml
$ANSIBLE_VAULT;1.1;AES256 336564626462373962326635326361323639323635353630646665656430353261383737623
<skip>653537333837383863636530356464623032333432386139303335663262...