Questions tagged [ansible-vault]

Use this tag for questions regarding the usage of Ansible Vault for protecting data for playbooks and roles.

Ansible Vault is a feature and an executable program (ansible-vault) in the Ansible family that allows encryption of variable files, as well as tasks and handlers.

198 questions
0 votes, 1 answer

Storing 'ansible_ssh_private_key_file' in a secure manner?

I am wondering what is the recommended best practice for storing 'ansible_ssh_private_key_file' values as part of an ansible playbook in source control. I had followed this excellent thread Ansible with multiple SSH key pair but the .pem file would…
emeraldjava
0 votes, 2 answers

Ansible RAW Module - Curl and JSON file (Kubernetes)

I need to parse a JSON attribute named keys_base64 with curl. I only have the option to accomplish this with raw module of Ansible. This is because of a network related issue. I tried many different approaches, but am lost. How can I get this to…
wintersa
0 votes, 1 answer

Using vault in Ansible gives: cannot concatenate 'str' and 'AnsibleVaultEncryptedUnicode'

I'm trying to use debops.nullmailer on Ansible (2.4) to configure nullmailer on my hosts. I want to keep the password encrypted in the variable, so am looking to use the vault functionality to encrypt the secret. My playbook looks like this: --- -…
growse
0 votes, 1 answer

Ansible Vault not reading defined variables

I am working on Ansible automation for Cumulus-Linux (whitebox) networking. I am using Ansible Vault to encrypt the passwords in my playbooks for local accounts I want built out on the new Cumulus switch. However, when I run the playbook, it seems…
riddleOFst33l
0 votes, 1 answer

Environment variables not getting set with vault file in ansible role

My playbook (test.yml) is like below: - hosts: localhost connection: local gather_facts: false roles: - env environment: AWS_ACCESS_KEY_ID: "{{ access }}" tasks: - debug: msg: "Hello" And I get following…
Yogesh Gupta
0 votes, 1 answer

Ansible variable precedence and vault

I am reworking my ansible inventory to use ansible-vault. Everything is working fine however I have an issue with, I think precedence of variables. When I try to make a local connection to ansiblemaster ( localhost 127.0.0.1 ) it seems to be using…
0 votes, 1 answer

Encrypting ansible inventory file

I want to encrypt my ansible inventory file using ansible vault as it contains the IP/Passwords/Key file paths etc, which I do not want to keep it in readable format. This is what I have tried. My folder structure looks like below env/ hosts …
shwetha
0 votes, 1 answer

I keep getting a password prompt when I try to git-log an ansible-vault file

I followed the instruction here: How to diff ansible vault changes? but I keep getting a prompt to put in the ansible-vault password. This is the command I run that prompts for the vault password: git log -p staging.yml What am I doing wrong? I…
big tone
0 votes, 1 answer

What's the best practice on handling different access rights to different inventory files in same ansible project?

We have one ansible project for two teams with 3 inventory files: inventory-all inventory-teamA inventory-teamB TeamA has permissions for all and teamA, B for all and teamB. What is the best practice on handling this? We use ansible-vault to encrypt…
iptizer
0 votes, 2 answers

Ansible: How can I create a pw hash of a password set in ansible_vault file?

I want to use Ansible to create user on my OS upon initialization of the instance. To do so I have a playbook in which I defined a role. In this role I have the following:   name: add users to local system   user:    name: "{{ item.username…
Tinuva
0 votes, 1 answer

Running Ansible playbooks in Jenkins fails decryption

On my development machine everything works great. It's just that when Jenkins attempts to run playbooks that are associated with vault-encrypted files, I see the error: ERROR! Decryption failed on /data/jenkins/workspace/.../secrets.yml FATAL:…
Jubz
0 votes, 2 answers

ansible vault with private key as password (similar to eyaml)?

Part of puppet to ansible migration. current puppet config uses eyaml: :eyaml: :datadir: /opt/puppet/yamls :pkcs7_private_key: /opt/puppet/secure/keys/eyaml_private_key.pkcs7.pem :pkcs7_public_key: …
MavWolverine
0 votes, 2 answers

Does Ansible vault have to use a password to run

I have been looking into Ansible vault but want to check something in case I have missed a crucial point. Do you have to run the playbook and provide the password. Encrypting the data seems a great idea but if I share the playbook the person running…
user3086854
-1 votes, 0 answers

Ansible Vault permissions issue with SSH Keys

I am using Ansible to SSH into a digital ocean instance to deploy some scripts, and I want to publish my playbook on git, but I cannot unless the SSH keys are encrypted. I encrypted the keys using ansible-vault encrypt (privatekey), but when I…
-1 votes, 1 answer

Ansible doesn't seem to apply encrypted vault password but reads the vault file

I'm new to ansible and trying to create new user with encrypted password using ansible-vault. The target system is OpenBSD, and I'm using ansible 2.10 on Ubuntu 20.04. The "problem" is once the playbook finished, I get this message in…
maka