Lesson 4.2: Managing Secrets
What is Ansible Vault?
Ansible Vault is a feature that allows users to encrypt sensitive data such as passwords, API keys, or private keys within Ansible playbooks. It ensures that confidential information is protected while still being used within automation workflows.
Why Use Ansible Vault?
- Security: Prevents unauthorized access to sensitive information.
- Integration: Works seamlessly within Ansible playbooks and roles.
- Flexibility: Allows encryption of entire files, specific variables, or even inline content.
This task involves creating an Ansible Vault to securely store user passwords for automation tasks. The vault (vault.yml) contains two encrypted variables:
- dev_pass: redhat
- mgr_pass: linux
The vault is encrypted with the password "devops", which is stored in /home/devops/ansible/password.txt for secure access. This ensures that sensitive credentials are protected while being used within playbooks.
[devops@ansible-server ansible]$ cat password.txt
devops
[devops@ansible-server ansible]$ ansible-vault create --vault-password-file=password.txt vault.yml
[devops@ansible-server ansible]$ ansible-vault view vault.yml
Vault password:
dev_pass: redhat
mgr_pass: linux
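A pre-flight check for the two files used above, added here as an example and not part of the original lesson: it confirms that vault.yml begins with the `$ANSIBLE_VAULT;` envelope header and that password.txt, which holds the vault password in cleartext, is accessible only to its owner. The function names are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: checks for the vault.yml / password.txt pair from this lesson.
# Function names are hypothetical; stat -c assumes GNU coreutils (Linux).

# Succeeds only if the first line is an Ansible Vault envelope header such as
# "$ANSIBLE_VAULT;1.1;AES256". A plaintext YAML file fails this check.
vault_is_encrypted() {
    [ -f "$1" ] || return 1
    first_line=''
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds only if the vault password file grants nothing to group or others
# (mode 600 or 400), since it holds the vault password in cleartext.
pwfile_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Checks a directory laid out like /home/devops/ansible, prints one line per
# finding, and returns the number of findings (0 means both checks passed).
check_vault_dir() {
    dir=$1
    findings=0
    if ! vault_is_encrypted "$dir/vault.yml"; then
        echo "FAIL: $dir/vault.yml is missing or not vault-encrypted"
        findings=$((findings + 1))
    fi
    if ! pwfile_is_private "$dir/password.txt"; then
        echo "FAIL: $dir/password.txt is missing or its mode is not 600/400"
        findings=$((findings + 1))
    fi
    if [ "$findings" -eq 0 ]; then
        echo "OK: $dir"
    fi
    return "$findings"
}
# Usage: check_vault_dir /home/devops/ansible
```

Running `chmod 600 password.txt` and keeping that file out of version control are what make the second check pass and stay meaningful.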