Ansible Vault is a tool included with Ansible that allows you to encrypt your sensitive data at rest while still being able to use it in a playbook. Often, it is necessary to store login credentials or other sensitive data in a variable to allow a playbook to run unattended. However, this risks exposing your data to people who might use it with malicious intent. Fortunately, Ansible Vault secures your data at rest using AES-256 encryption, meaning your sensitive data is safe from prying eyes.
Let's proceed with a simple example that shows you how you can use Ansible Vault:
- Start by creating a new vault to store sensitive data in; we'll call this file secret.yml. You can create this using the following command:
$ ansible-vault create secret.yml
New Vault password:
Confirm New Vault password:
Enter the password you have chosen for the vault when prompted...
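Once the vault exists, a check like the following confirms that a file such as secret.yml is stored as a vault envelope rather than plaintext before it is committed. This is an added example, not part of the original page: the function names is_vault_encrypted and check_secrets are hypothetical, the sample files are constructed, and it relies on the header line that ansible-vault writes at the top of every encrypted file.

```shell
# Added example: detect secret files that are not Ansible Vault envelopes.

# is_vault_encrypted FILE
#   0 = vault envelope, 1 = plaintext or malformed, 2 = unreadable
is_vault_encrypted() {
    [ -r "$1" ] || return 2
    # Line 1 of a vault file: $ANSIBLE_VAULT;<version>;<cipher>[;<vault-id>]
    vault_header=$(head -n 1 "$1" | tr -d '\r')
    case $vault_header in
        '$ANSIBLE_VAULT;1.1;AES256') ;;        # default vault id
        '$ANSIBLE_VAULT;1.2;AES256;'?*) ;;     # labelled vault id
        *) return 1 ;;
    esac
    # Everything after the header is hex-encoded ciphertext.
    vault_body=$(tail -n +2 "$1" | tr -d '\r\n')
    [ -n "$vault_body" ] || return 1
    case $vault_body in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    return 0
}

# check_secrets FILE...
#   Reports every file that fails the check; returns 1 if any did.
check_secrets() {
    secrets_failed=0
    for secrets_file in "$@"; do
        if ! is_vault_encrypted "$secrets_file"; then
            printf 'NOT ENCRYPTED: %s\n' "$secrets_file" >&2
            secrets_failed=1
        fi
    done
    return "$secrets_failed"
}

# Demo on constructed files (the hex payload is filler, not real ciphertext).
demo_dir=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '6162636465666768' > "$demo_dir/secret.yml"
printf 'db_password: example-value\n' > "$demo_dir/plain.yml"
check_secrets "$demo_dir/secret.yml" "$demo_dir/plain.yml" || echo "commit blocked"
```

The check only inspects the envelope format; it does not decrypt the file or validate the vault password.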