Chapter 8. Encrypting Data with Vault
Using variables, we saw how to separate data and code. Often, the data provided is sensitive, for example, user passwords, database credentials, API keys, and other organization-specific information. Ansible playbooks, being source code, are most commonly stored in version control repositories such as git, which makes it even more difficult to protect this sensitive information in a collaborative environment. Starting with version 1.5, Ansible provides a solution called vault to store and retrieve such sensitive information securely, using proven encryption technologies. The objective of using vault is to encrypt data that can then be stored and shared freely with a version control system, such as git, without the values being compromised.
In this chapter, we will learn about the following topics:
- Understanding the Ansible-vault
- Securing data using the Ansible-vault
- Encryption, decryption, and rekeying operations