
I ran my secrets through a playbook and locked it in ansible-vault. Following this, I set up a Python script that could unlock the vault.

vault.yml

#######################################################
- hosts: localhost
  tasks:
    - name: Pull secret for password
      shell: python3 CSRSecret.py
      register: secret_pass

    - debug:
        var: secret_pass.stdout

unlockVault.py

from ansible_vault import Vault   # the "ansible-vault" pip package, not Ansible's own module

vault = Vault('password')          # the vault password used when the file was encrypted
with open('vault.yml') as f:
    data = vault.load(f.read())    # decrypt and parse the YAML into Python objects
print(data)                        # emit the decrypted content on stdout

My next step was to create a playbook that uses the python script to unlock the vaulted file then run and read it.

Step 1 testPlay.yml

---
#######################################################
# Python Script for Pulling CSR's

- hosts: localhost
  tasks:
    - name: Unlock file locked by Vault
      shell: python3 unlockVault.py

    - name: Read Unlocked file
      shell: 

Once it unlocks the vault.yml file, I can't figure out how to run the playbook and read it; when it unlocks, the playbook shows the code as seen in vault.yml.

IAmTazlan
  • Why don't you put your vault script as a `--vault-password-file` parameter instead of unlocking the vault? – Rafael de Bem Oct 19 '22 at 14:38
  • Sorry I don't get what you mean? – IAmTazlan Oct 25 '22 at 12:50
  • Take a look at [the documentation](https://docs.ansible.com/ansible/latest/user_guide/vault.html), mainly [here](https://docs.ansible.com/ansible/latest/user_guide/vault.html#using-encrypted-variables-and-files). – Rafael de Bem Oct 26 '22 at 01:09
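The approach suggested in the comments, as an added example that is not part of the question or of Ansible itself: instead of decrypting vault.yml in a task, hand ansible-playbook a `--vault-password-file` script and let it decrypt the playbook on the fly. Ansible runs that file when it is executable and uses its stdout as the password; a non-executable file is read as the password itself, so the executable bit and the file mode matter. The script name `vault-pass.sh`, the use of the question's `CSRSecret.py` as the command that prints the password, and the sample file contents are assumptions constructed for this example.

```python
"""Added example (not from the question or from Ansible): prepare a vault
password script for --vault-password-file, confirm a file is really
vault-encrypted, and build the ansible-playbook command line.
vault-pass.sh, CSRSecret.py and the sample file bodies are constructed."""
import shutil
import stat
import subprocess
import tempfile
from pathlib import Path

# Every ansible-vault encrypted file starts with this header line prefix.
VAULT_HEADER = "$ANSIBLE_VAULT;"


def is_vault_encrypted(text: str) -> bool:
    """True when the content carries the ansible-vault header."""
    return text.lstrip().startswith(VAULT_HEADER)


def write_password_script(path: Path, secret_cmd: str) -> Path:
    """Write an executable script whose stdout is the vault password.

    Ansible executes --vault-password-file when it is executable and reads
    its stdout; otherwise it reads the file contents as the password.
    Mode 0o700 keeps other local users from reading or running the script.
    """
    path.write_text("#!/bin/sh\n" + secret_cmd + "\n")
    path.chmod(stat.S_IRWXU)  # 0o700: owner read/write/execute only
    return path


def build_command(playbook: Path, password_script: Path) -> list:
    """ansible-playbook invocation that decrypts the playbook itself."""
    return [
        "ansible-playbook",
        "--vault-password-file", str(password_script),
        str(playbook),
    ]


def run_encrypted_playbook(playbook: Path, password_script: Path) -> list:
    """Refuse plaintext input; run the playbook only if ansible is on PATH.

    Always returns the command that was (or would be) executed.
    """
    if not is_vault_encrypted(playbook.read_text()):
        raise ValueError(f"{playbook} is not ansible-vault encrypted")
    cmd = build_command(playbook, password_script)
    if shutil.which("ansible-playbook"):
        subprocess.run(cmd, check=True)
    return cmd


def demo() -> dict:
    """Constructed walk-through in a temporary directory; returns checkable values."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        # The question's own CSRSecret.py is assumed to print the password.
        script = write_password_script(d / "vault-pass.sh", "exec python3 CSRSecret.py")
        mode = stat.S_IMODE(script.stat().st_mode)

        plain = d / "plain.yml"
        plain.write_text("- hosts: localhost\n")          # constructed plaintext
        vaulted = d / "vault.yml"
        vaulted.write_text("$ANSIBLE_VAULT;1.1;AES256\n"  # constructed header only,
                           "3031\n")                      # not a real ciphertext body

        try:
            run_encrypted_playbook(plain, script)
            plain_rejected = False
        except ValueError:
            plain_rejected = True

        return {
            "mode": mode,
            "plain_encrypted": is_vault_encrypted(plain.read_text()),
            "vault_encrypted": is_vault_encrypted(vaulted.read_text()),
            "plain_rejected": plain_rejected,
            "cmd": build_command(vaulted, script),
        }


if __name__ == "__main__":
    print(demo())
```

With this layout the decrypted playbook never lands on disk or in a registered task variable: ansible-playbook decrypts in memory, runs the tasks, and the password script is the only file that needs tight permissions.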
