Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Ansible Playbook Essentials

You're reading from   Ansible Playbook Essentials Design automation blueprints to manage your multitier infrastructure

Arrow left icon
Product type Paperback
Published in Aug 2015
Publisher
ISBN-13 9781784398293
Length 168 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Gourav Shah Gourav Shah
Author Profile Icon Gourav Shah
Gourav Shah
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface Setting Up the Learning Environment 1. Blueprinting Your Infrastructure FREE CHAPTER 2. Going Modular with Ansible Roles 3. Separating Code and Data – Variables, Facts, and Templates 4. Bringing In Your Code – Custom Commands and Scripts 5. Controlling Execution Flow – Conditionals 6. Iterative Control Structures – Loops 7. Node Discovery and Clustering 8. Encrypting Data with Vault 9. Managing Environments 10. Orchestrating Infrastructure with Ansible A. References
Index

Encrypting the database credentials

Earlier while creating database users, we provided the passwords as plain text in group_vars. This can be a potential threat, especially when checked into a version control repository. Let's encrypt it. We will use the encrypt subcommand as we already have a variables file.

Since we are using the group_vars group to provide database credentials, we will encrypt the group_vars/all file as follows:

$ ansible-vault encrypt group_vars/all
Vault password:
Confirm Vault password:
Encryption successful

For encryption, Ansible-vault asks for a password or key to be entered by the user. Using this key, the vault encrypts the data and replaces the file with the encrypted content. The following diagram shows the plain text content on the left and the equivalent encrypted content on the right for the group_vars/all file:

Encrypting the database credentials

This file now can be safely checked into a version control system and shared. However, the following are the caveats users should be aware of...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image