Stack Overflow
Stack Overflow

Questions tagged [ansible-vault]

Use this tag for questions regarding the usage of Ansible Vault for protecting data for playbooks and roles.

Ansible Vault is a feature and an executable program (ansible-vault) in Ansible family, allowing encryption of variable files, as well as tasks and handlers.

198 questions
7
votes
1 answer

PyYAML error: Could not determine a constructor for the tag '!vault'

I am trying to read a YAML file that has the tag !vault in it. I get the error: could not determine a constructor for the tag '!vault' Upon reading a couple of blogs, I understood that I need to specify some constructors to resolve this issue, but…
Eva
  • 515
  • 4
  • 28
7
votes
1 answer

How to resolve git conflicts with files encrypted by ansible-vault in PyCharm

Is it possible to resolve conflicts in files which are encrypted by ansbile-vault in PyCharm's GUI? I have tried to follow the instruction provided in the accepted answer at How to diff ansible vault changes?. I put ansible-vault password in…
stasiekz
  • 1,775
  • 5
  • 22
7
votes
3 answers

Pass vault password to vagrants ansible_local provisioner

I'm using the ansible_local provisioner for my vagrant box. Some of my variables should be stored in a vault file. While the ansible provisioner provides ask_vault_pass as configuration option…
turbophi
  • 151
  • 2
  • 8
6
votes
1 answer

ERROR! failed to combine variables, expected dicts but got a 'dict' and a 'AnsibleUnicode'

I have a very weird issue that I am unable to resolve. Already spent 4 hours on debugging but without any progress, never encountered something like this before. Ansible's information: ansible [core 2.11.5] config file =…
Igor Hrcek
  • 715
  • 5
  • 16
6
votes
1 answer

Ansible called by Vagrant does not prompt for vault password

Summary I have a Vagrantfile provisioning a Virtualbox VM with Ansible. The Ansible playbook contains an Ansible Vault-encrypted variable. My problem is that Vagrant provisioning does not prompt for the password although I pass the option to do…
bjhend
  • 1,538
  • 11
  • 25
6
votes
4 answers

How to debug "ERROR! Unexpected Exception: Non-hexadecimal digit found" in Ansible and Vagrant?

I am facing a problem trying to run Vagrant with Ansible. Here is the error that I'm getting when I'm trying to run vagrant up or vagrant provision in terminal (git bash) on Windows 7: ERROR! Unexpected Exception: Non-hexadecimal digit found to see…
Vladan Grubo Paunovic
  • 86
  • 1
  • 1
  • 9
6
votes
2 answers

Using a variable from one Ansible var file in a second var file

In using Ansible, I'm trying to use a vaulted vars file to store private variables, and then using those in another vars file, in the same role. (The idea from 'Vault Pseudo leaf encryption' here.) e.g. I have one standard vars file,…
Phil Gyford
  • 13,432
  • 14
  • 81
  • 143
6
votes
3 answers

How to automate ansible vault decryption?

I want to automate the decryption of ansible vault and not to have to specify the vault location or password from the command line. Mainly, I am looking for a solution what would work in a way that similar to how ~/.netrc works. When you put…
sorin
  • 161,544
  • 178
  • 535
  • 806
5
votes
1 answer

pass password to a Python script on prompt

How can I pass a password to my python script when it prompts for a password. I do not want the user to enter the password when it prompts. It should be passed directly from the script. subprocess.run(['ansible-vault', 'decrypt', 'main.yml',…
Samna Najeeb
  • 181
  • 2
  • 9
5
votes
1 answer

Rekey individually encrypted ansible vault variables?

From reading the documentation, You cannot rekey encrypted variables For example, if this is the content of group_vars/all.yaml, I would like to rekey all the encrypted variables. key_tab: !vault | $ANSIBLE_VAULT;1.1;AES256 …
applewil
  • 336
  • 1
  • 5
  • 15
5
votes
3 answers

How to decrypt a 'clear text YAML file' with vaulted variable?

I'm using ansible 2.7.16. The ansible documentation says: Single Encrypted Variable As of version 2.3, Ansible can now use a vaulted variable that lives in an otherwise ‘clear text’ YAML file: notsecret: myvalue mysecret: !vault | …
Kleyson Rios
  • 2,597
  • 5
  • 40
  • 65
5
votes
2 answers

Is it possible to disable vault with ansible playbook?

For automated testing purposes, I'd like to disable the vault when executing ansible-playbook so that the encrypted variables are overridden in the tests. I've seen the --ask-vault-pass but not the contrary i.e. --no-vault-pass or the like. The…
Bruno Thomas
  • 1,179
  • 17
  • 31
5
votes
1 answer

Ansible Vault and encrypted variables using include_vars

I need to have a file with passwords stored and encrypted using ansible vault, I have created an encrypted file named 'passes' stored in group_vars with this content after decrypting: --- testvar: password I have created playbook file: --- - hosts:…
Chrzciciel
  • 79
  • 1
  • 7
5
votes
2 answers

Does ansible transfer files securely?

I'm using Ansible 2.2 to manage some cloud servers from my laptop. I want to transfer an OpenSSL private key to a specific location on one of the servers, to be used by nginx for TLS termination. Naturally, this is a file that should be kept secret,…
izrik
  • 918
  • 2
  • 9
  • 20
5
votes
4 answers

Ansible un-vault and template a file

I have a file on my local machine that I want to upload to a remote server, it contains confidential information that I don't want exposed in my VCS. It also has some text I need to replace dynamically in it (at the moment as Jinja2 placeholders…
James
  • 1,237
  • 4
  • 22
  • 43
1
2
3
13 14