
I have an Ansible inventory file 'inventory_dev.yml' in which I've used `ansible-vault encrypt_string` to encrypt the value of a single variable that we'll call 'application_password'.

Inside the inventory_dev.yml file, the variable value is listed like this:

```yaml
---
all:
  children:
  vars:
    application_password: !vault |
              $ANSIBLE_VAULT;1.1;AES256
              64393632336331393862353661373431203833323637323634653863346339303831623164613936
              3037643438653566646262363030303132306431363964330a393034323363393937326332666164
              35636163353132623362393433346635653866386538353764323237393838313033313988888888
              3231643033396637320a616439663044646436396130633935353630363139666537336530333332
              3543
```

Now - I want to rotate my application_password, so I have generated a new value for "application_password" similar to the one displayed above. How do I insert that value programmatically to inventory.dev.yml?

Medos
  • There are no premade tools for this at the moment. You need to get the var content (e.g. with `jq`/`yq`), pass it to `ansible-vault decrypt` with the old password, pass the decrypted string to `ansible-vault encrypt_string` with the new password and write the result back in your original yaml file. – Zeitounator Jun 12 '21 at 10:45
  • Encrypt the variable in a file and put it into the directory *group_vars/all*. – Vladimir Botka Jun 13 '21 at 03:25
  • Yes! Thanks Vladimir I think that's the best way to do it. I can also just use one file for this credential and still use encrypt_string and not have to deal with the yaml parsing – Medos Jun 14 '21 at 15:43
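
For the case in the question, where the new `encrypt_string` output already exists and only needs to be written into the inventory, here is an added example (not from the original post or from Ansible itself) that swaps the `!vault |` block of one key by editing the text, so the rest of the YAML is left untouched. The function name `replace_vault_value` and the sample data are hypothetical; it assumes block-style `!vault |` values and space indentation.

```python
import re

def replace_vault_value(text, key, new_vault):
    """Return text with the `!vault |` block under `key` replaced by new_vault."""
    # Keep only the payload: drop the `!vault |` line encrypt_string prints first.
    body = [l.strip() for l in new_vault.splitlines() if l.strip()]
    while body and not body[0].startswith("$ANSIBLE_VAULT;"):
        body.pop(0)
    if not body:
        raise ValueError("new value is not an ansible-vault payload")
    lines = text.splitlines(keepends=True)
    head = re.compile(r"^( *)" + re.escape(key) + r":\s*!vault\s*\|[-+]?\s*$")
    for i, line in enumerate(lines):
        m = head.match(line)
        if not m:
            continue
        indent = len(m.group(1))
        # The block scalar continues while lines are blank or indented deeper than the key.
        j = i + 1
        while j < len(lines) and (not lines[j].strip()
                or len(lines[j]) - len(lines[j].lstrip(" ")) > indent):
            j += 1
        while j > i + 1 and not lines[j - 1].strip():
            j -= 1  # trailing blank lines belong to the file layout, keep them
        lines[i + 1:j] = [" " * (indent + 2) + l + "\n" for l in body]
        return "".join(lines)
    raise KeyError(f"no '{key}: !vault |' entry in file")

# Constructed sample data: shortened placeholder hex, not real ciphertext.
OLD_INVENTORY = """---
all:
  vars:
    application_password: !vault |
              $ANSIBLE_VAULT;1.1;AES256
              6439363233633139
              3543
    app_port: 8080
"""
NEW_VAULT = """!vault |
          $ANSIBLE_VAULT;1.1;AES256
          3132333435363738
          6162
"""

if __name__ == "__main__":
    print(replace_vault_value(OLD_INVENTORY, "application_password", NEW_VAULT))
```

Write the result to a temporary file and rename it over the inventory so that a failed run never leaves a half-written vault block behind.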

0 Answers