The Ansible Vault
As you can see from the previous section, in most cases, the Ansible variable provides sensitive information such as a username and password. It would be a good idea to put some security measures around the variables so that we can safeguard against them. The Ansible Vault (https://docs.ansible.com/ansible/2.5/user_guide/vault.html) provides encryption for files so they appear in plaintext.
All Ansible Vault functions start with the ansible-vault
command. You can manually create an encrypted file via the create option. You will be asked to enter a password. If you try to view the file, you will find that the file is not in clear text. If you have downloaded the book example, the password I used was just the word password:
$ ansible-vault create secret.yml Vault password: <password> $ cat secret.yml $ANSIBLE_VAULT;1.1;AES256 336564626462373962326635326361323639323635353630646665656430353261383737623<skip>653537333837383863636530356464623032333432386139303335663262...