Stack Overflow
Stack Overflow

Questions tagged [ansible-vault]

Use this tag for questions regarding the usage of Ansible Vault for protecting data for playbooks and roles.

Ansible Vault is a feature and an executable program (ansible-vault) in Ansible family, allowing encryption of variable files, as well as tasks and handlers.

198 questions
4
votes
1 answer

Ansible group_vars variables

A best practice approach for this is to start with a group_vars/ subdirectory named after the group. Inside of this subdirectory, create two files named vars and vault. Inside of the vars file, define all of the variables needed, including any…
Ocean7
  • 41
  • 3
4
votes
1 answer

How do I properly encrypt a file from inside an Ansible Playbook?

I'm currently using an Ansible playbook to extract and then transfer a configuration backup from some network devices (a basic text file) to an external storage. I'd like to encrypt the configuration backups before sending them to their final…
avgvtvs
  • 73
  • 1
  • 7
4
votes
1 answer

What is the Ansible vault password file format?

I've been searching all over but there's not much on what should the Ansible vault password file look like. For example I would like to do: ANSIBLE_VAULT_PASSWORD_FILE=./pwdfile ansible-vault edit secrets.yml But have no idea what format ./pwdfile…
Martin Gergov
  • 1,556
  • 4
  • 20
  • 29
4
votes
4 answers

How to pass ansible vault password as an extra var?

I have the ability to encrypt variables using another mechanism(Azure pipeline secret feature), so I would like to save an ansible-vault password there(in Azure pipeline) and pass it to playbook execution as an extra var. May I know if it can be…
r0r0n0a
  • 173
  • 2
  • 2
  • 10
4
votes
1 answer

How can I provide the SSH user passwords for a set of hosts in ansible using vault

Considering the following Ansible hosts file: [webservers] server1.example.com ansible_ssh_pass=1234567 server2.example.com ansible_ssh_pass=2345678 server3.example.com ansible_ssh_pass=3456789 I would like to include these password values…
Gabriel Petrovay
  • 20,476
  • 22
  • 97
  • 168
4
votes
1 answer

Ansible Vault inline variable with to_nice_json: Unexpected templating type error occurred...not JSON serializable

I typically configure my projects by settings configuration variables in vars/main.yml and rendering a subset of those out to a JSON via to_nice_json. Consider an example of the vars/main.yaml like the one below: # Application Configuration…
somada141
  • 1,274
  • 2
  • 18
  • 25
4
votes
1 answer

How can I use an ansible-vault encrypted password in inventory file?

I want to use encrypted passoword in my inventory file with ansible-vault, then run playbooks against that file. Something like: ansible-playbook --ask-vault-pass -i inventory test.yml I tried for single password for all the hosts and it worked…
va1bhav
  • 365
  • 1
  • 5
  • 21
4
votes
1 answer

Encode slash / in Ansible YAML file

When storing randomly generated passwords in an Ansible vault, I have no problems unless the password contains a / (slash, forward slash) According to Yaml Spec 1.2, when looking at printable ascii characters, I should escape double quote, backslash…
jdog
  • 2,465
  • 6
  • 40
  • 74
4
votes
0 answers

Git clean/smudge filters for ansible vault secrets

I am trying to setup clean/smudge filter in git to have automatic encrypting and decrypting of files containing secrets thru ansible-vault command. Peculiarity of the ansible-vault command is that it is not idempotent (it creates a different binary…
guido
  • 18,864
  • 6
  • 70
  • 95
4
votes
1 answer

Ansible vault doesn't save changes with Sublime Text

I'm running ansible 1.9.4 on OSX installed via pip. If I do ansible-vault create x, then make some changes and save, then the file appears blank whenever I do ansible-vault view x or ansible-vault edit x. I've got Sublime Text 3 as my $EDITOR. When…
joshua.paling
  • 13,762
  • 4
  • 45
  • 60
3
votes
1 answer

Can't correctly dump Ansible vault into yaml with Python

I have a python dictionary with an Ansible vault as a value. I can't seem to be able to correctly dump it into a yaml output with the correct formatting. I'm using the ansible-vault package to generate the encrypted data as follows: from…
Erik Venema
  • 67
  • 1
  • 5
3
votes
2 answers

use ansible-vault to encrypt multiple files at once

I am using the following structure to separate my host_vars into plaintext and encrypted ansible ├── ansible.cfg ├── host_vars │ ├── host1 │ │ ├── vars │ │ └── vault │ └── host2 │ ├── vars │ └── vault ├── inventory ├──…
pkaramol
  • 16,451
  • 43
  • 149
  • 324
3
votes
1 answer

Decrypt ansible variable

I have a scenario where I have the following encrypted variable in my inventory.yml vars: username: admin password: !vault | $ANSIBLE_VAULT;1.2;AES256;dev …
Sam Alex
  • 123
  • 1
  • 7
3
votes
1 answer

Re-use Ansible vault file in different groups

I want to extend my current Ansible project to also support Linux servers. For that I want to re-use the vault file I have created but I cannot seem to find a solution without duplicating the vault file. Here's what my current Ansible structure…
jansohn
  • 2,246
  • 2
  • 28
  • 40
3
votes
0 answers

Java-based solution to decrypt Ansible vault secret

We would like to make a java-based solution which can decrypt the secrets of Ansible vault, depending on this very clever blog We made a java test solution to check the working of the python code but the result of the first step wasn’t the…
thomas.m
  • 31
  • 3
1 2
3
13 14