Hello DevOps Automations Engineers!!
Ansible provides a dedicated command, 'ansible-vault', that is used to encrypt, decrypt, and view an Ansible playbook. It also works on role and vars YAML files, and we can apply it to a string of text in regular variables.
Why do we need to encrypt our playbooks?
In our Ansible automation projects we work on multiple tasks, some of which may involve sensitive data such as database user credentials, cloud IAM role details, login credentials for other applications that are used to validate URL availability, or SSL certificates that need to be stored. If the system keeps this confidential and sensitive data in plain text at any point, the data is exposed, and that could cause huge damage to your organization. We need a way to protect sensitive data with a data encryption tool, and this can be done using the ansible-vault command.
Let's look at the ansible-vault command help and experiment with the options it offers for encrypting and decrypting plain text in a file or a string; an entire YAML file can also be locked with it.
ansible-vault --help
usage: ansible-vault [-h] [--version] [-v] {create,decrypt,edit,view,encrypt,encrypt_string,rekey} ...

encryption/decryption utility for Ansible data files

positional arguments:
  {create,decrypt,edit,view,encrypt,encrypt_string,rekey}
    create              Create new vault encrypted file
    decrypt             Decrypt vault encrypted file
    edit                Edit vault encrypted file
    view                View vault encrypted file
    encrypt             Encrypt YAML file
    encrypt_string      Encrypt a string
    rekey               Re-key a vault encrypted file
ansible-vault with create option
ansible-vault create vault.yml
[Screenshot: ansible-vault create]
Encrypt
echo "unencrypted stuff" > encrypt_me.txt
cat encrypt_me.txt
ansible-vault encrypt encrypt_me.txt
cat encrypt_me.txt
[Screenshot: Ansible-vault for encryption of a file]
Decrypt
ansible-vault decrypt vault.yml
View
ansible-vault view vault.yml
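After `ansible-vault encrypt`, the second `cat` in the Encrypt step shows a file whose first line is the vault header (`$ANSIBLE_VAULT;1.1;AES256`, or `$ANSIBLE_VAULT;1.2;AES256;<label>` when a vault ID label is used). The script below is an added example, not part of the original post: it uses that header to catch secret files that were decrypted and never re-encrypted before a commit. The file-name convention (`vault.yml`, `vault.yaml`, `*.vault.yml`) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: report files that should be vault-encrypted but are plaintext.
# Assumption: secrets live in files named vault.yml, vault.yaml or *.vault.yml.

# Return 0 if the first line of $1 is an Ansible Vault header,
# 1 if it is not, 2 if $1 is not a regular file.
is_vault_encrypted() {
    [ -f "$1" ] || return 2
    first_line=
    # read fails on an empty file or a last line without a newline;
    # only the empty case is treated as "not encrypted" here.
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in
        '$ANSIBLE_VAULT;1.1;AES256') return 0 ;;       # default header
        '$ANSIBLE_VAULT;1.2;AES256;'?*) return 0 ;;    # header with vault ID label
        *) return 1 ;;
    esac
}

# Print every secret-bearing file under directory $1 that is not encrypted.
# Return 1 if any was found, 0 otherwise.
find_plaintext_secrets() {
    found=0
    # A temp file keeps the loop in the current shell; a `find | while`
    # pipeline would run it in a subshell and lose $found.
    list=$(mktemp) || return 2
    find "$1" -type f \( -name 'vault.yml' -o -name 'vault.yaml' \
        -o -name '*.vault.yml' \) > "$list"
    while IFS= read -r f; do
        if ! is_vault_encrypted "$f"; then
            printf 'PLAINTEXT: %s\n' "$f"
            found=1
        fi
    done < "$list"
    rm -f "$list"
    return "$found"
}

# Usage in a pre-commit hook or CI step:
#   find_plaintext_secrets . || exit 1
```

The check only inspects the header line, so it confirms that a file is in vault format, not that it was encrypted with the expected password.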