Lesson 4.2: Managing Secrets

What is Ansible Vault?

Ansible Vault is a feature that allows users to encrypt sensitive data such as passwords, API keys, or private keys within Ansible playbooks. It ensures that confidential information is protected while still being used within automation workflows.

Why Use Ansible Vault?

  • Security: Prevents unauthorized access to sensitive information.
  • Integration: Works seamlessly within Ansible playbooks and roles.
  • Flexibility: Allows encryption of entire files, specific variables, or even inline content.

This task involves creating an Ansible Vault to securely store user passwords for automation tasks. The vault (vault.yml) contains two encrypted variables:

  • dev_pass: redhat
  • mgr_pass: linux The vault is encrypted with the password "devops", which is stored in /home/devops/ansible/password.txt for secure access. This ensures that sensitive credentials are protected while being used within playbooks.
 
[devops@ansible-server ansible]$ cat password.txt 
devops
 
[devops@ansible-server ansible]$ ansible-vault create --vault-password-file=password.txt vault.yml
 
[devops@ansible-server ansible]$ ansible-vault view vault.yml 
Vault password: 
dev_pass: redhat
mgr_pass: linux
All systems normal

© 2025 2023 Sanjeeb KC. All rights reserved.