Questions tagged [ansible-vault]

Use this tag for questions regarding the usage of Ansible Vault for protecting data for playbooks and roles.

Ansible Vault is a feature and an executable program (ansible-vault) in the Ansible family that allows encryption of variable files, as well as tasks and handlers.

198 questions

0 votes, 0 answers

Is it possible to import child yaml file in main yaml where child yaml will decrypt login info with ansible-vault

>>> main.yaml --- - hosts: localhost connection: local gather_facts: false vars_files: - child.yml tasks: - debug: var: username - name: Run Custom Module run_task: ip: "{{ ip }}" username:…

0 votes, 1 answer

Ansible vault - Decryption of encrypted string

I am trying to decrypt an encrypted string using Ansible vault. I have a key which is used for encryption. The encryption works fine but decryption doesn't seem to work. When I try to use the decryption command, I am asked for vault password even…
Monish Das

0 votes, 2 answers

Ansible AWX / Tower - Use Vault credential in playbook

In Ansible AWX I created a Vault-credential (named: user-pw). Now I want to use that password in a playbook. But it doesn't work. I created a template, added the Vault-credential (at the credential input). In the playbook I used the variable "{{…
ND90

0 votes, 1 answer

Use of --ask-vault-pass on Jenkins pipeline

I am using ansible-vault in a playbook and I want to call it from Jenkinsfile. I have read that you can have the password in a file and just call it like that but I want to do it using the --ask-vault-pass. I created the credential (secret text) on…
josegp

0 votes, 0 answers

How to delete old MySQL user created by vault with auto rotation creds

Vault rotates creds and also creates a user, but when it creates a new user then it can't delete the old user. These are my configuration: username="user" password="password" vault write database/roles/mysql-role db_name=app1 creation_statements="CREATE…
Shiva

0 votes, 1 answer

Create file from variable in ansible

I want to create a file (namely an id_rsa key) using ansible. It seems that using the copy builtin module is no longer recommended and users are advised to use template. If I understand correctly, I will have to put the contents of the id_rsa to an…
pkaramol

0 votes, 0 answers

Hashicorp Vault roleid and secretid gives "unhexlify error: Odd-length string" when created as an ansible vault secret

I could see in the inventory roleid and secretid created as ansible vault secret so I can use it in my playbook. secret_id: __ansible_vault: > $ANSIBLE_VAULT;1.1;AES256 …
Sid

0 votes, 1 answer

How to encrypt variables within a playbook in Ansible?

I am running a playbook where I am passing in a password from an external hashicorp vault. The problem is that when I run the playbook, the password is displayed in plain text in the output provided by ansible. I want the logs to be visible so I do…
Rajesh Patel

0 votes, 0 answers

Rotating an ansible-vault encrypt_string variable in a YAML file

I have an ansible inventory file 'inventory_dev.yml' that I've used ansible-vault encrypt_string to encrypt the value of a single variable in that we'll call 'application_password'. Inside inventory_dev.yml file the variable value is listed like…
Medos

0 votes, 1 answer

connecting to a remote host with ansible-vault encrypted private key does not work

I can ssh to a remote server if I use the ansible command module, e.g. tasks: - name: ssh to remote machine command: ssh -i key ansible@172.16.2.2 However, as this will be stored in github, I encrypted the private ssh key with…
b Od

0 votes, 1 answer

How to get password from ansible vault to be used as variable?

I have the following ansible role: - name: Get latest code from repository git: repo: 'https://{{ username }}:{{ password }}@{{ repository }}' dest: "{{ destination }}" force: yes While username and repository can be variables, I am…
Kok How Teh

0 votes, 1 answer

Using credentials securely in ansible inventory

In order to connect to a windows host I will need to pass the credentials in an inventory file. Here's my inventory…
ring0

0 votes, 1 answer

Ansible hide ansible_password

I am familiar with the solution of the ansible-vault feature. Our passwords are stored as a call to an external lookup (to be specific - Cyberark password). However, a regular user can still see them with a simple debug command: ansible -m debug -a…
Idan Tank

0 votes, 1 answer

Ansible Vault - Same Git repo for Prod & Test

Apologies for the lengthy post. I am a relative newbie to Ansible and Vault (<2 months). Environment: CentOS & Win2019 (90% Linux systems) Ansible 2.10.7 (master Ansible controller) AWX 17.0.1 (embedded ansible 2.9.17) Ultimate goals: Use the…
bwinchell

0 votes, 1 answer

Ansible become fails with vault

I've created an encrypted credent.yml file with this content: sudo_password: whatever I can decrypt with ansible-vault view credent.yml, however I cannot use it with this playbook: --- - name: "Ansible test localhost" hosts: 127.0.0.1 …
sebelk