Stack Overflow
Stack Overflow

Questions tagged [ansible-vault]

Use this tag for questions regarding the usage of Ansible Vault for protecting data for playbooks and roles.

Ansible Vault is a feature and an executable program (ansible-vault) in Ansible family, allowing encryption of variable files, as well as tasks and handlers.

198 questions
3
votes
1 answer

How to use "become_pass" in an Ansible Playbook

I try to write an Ansible yml that reads the root-passwords from an encrypted vault-file and then pass it to become_pass: - hosts: sirius remote_user: ansusr become: yes vars_files: - vault_vars.yml …
may24x
  • 97
  • 1
  • 4
  • 9
3
votes
1 answer

Ansible check if file is encrypted by ansible-vault

I need to encrypt a file using ansible-vault. I would like to perform the encryption only if the file is not already encrypted by ansible vault. I am trying to use this task in my Ansible playbook: - local_action: command ansible-vault encrypt…
edesz
  • 11,756
  • 22
  • 75
  • 123
3
votes
1 answer

Ansible vault password in group_vars not detected

I am trying to use ansible-vault to secure a single Windows login password. I do not want to place hte password as plain text in my windows.yml file (see below) and so I am trying to use ansible-vault to secure/encrypt this password. I have this…
edesz
  • 11,756
  • 22
  • 75
  • 123
3
votes
0 answers

Pycharm edit a file in a tab opened with ansible-vault

I have ansible files that are encrypted using ansible-vault. I want to decrypt, edit, and save encrypted these files from within an IDEA IDE, in this case, pycharm. I have created an external tool in pycharm that will decrypt the files and open them…
Shawn Mehan
  • 4,513
  • 9
  • 31
  • 51
3
votes
2 answers

Ansible vault - best practice folder structure

I am trying to figure out the best practice folder structure to organize my vault variables. Currently it looks like this: . ├── group_vars/ │   ├── group1.yml │   └── group2.yml ├── host_vars/ │   ├── host1.yml │   └── host2.yml ├── roles/ │   └──…
cytopia
  • 413
  • 5
  • 15
3
votes
1 answer

How to run playbook api in Ansible v2 with vault

Here is what I have, I know this works without encryption and I can run ansible-vault edit common.yml with ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt set in the env. from collections import namedtuple from ansible.parsing.dataloader import…
user2363318
  • 1,039
  • 1
  • 12
  • 31
2
votes
1 answer

ansible ad-hoc command to check variable that's in ansible vault

I'm trying to check what value Ansible pulls for the variable datadog_agent_api_key that is currently stored in Ansible Vault file inventory/common/vault-common-vars.yml. ansible myhost.domain.com -i inventory/hosts.ini --connection=local -m debug…
Bill Ke
  • 21
  • 2
2
votes
1 answer

How to avoid ask-vault-pass parameter on Ansible

I would like to do something like ansible-playbook myPlaybook.yml -i myHostFile instead of ansible-playbook myPlaybook.yml -i myHostFile --ask-vault-pass
Alves Gustavo
  • 75
  • 6
2
votes
0 answers

ansible-vault-inline plugin not working in vscode

I just installed ansible-vault-inline plugin in vscode but it's not working as exxpected and giving following error when I press 'ctrl+alt+0' A system error occurred (spawnSync C:\windows\system32\cmd.exe ENOENT) Here are my plugin…
Nitesh Singhal
  • 79
  • 1
  • 1
  • 8
2
votes
1 answer

golang unmarshal yaml from a vault file

With the below code I can get the yaml from the Ansible vault file which results in: --- dbtype: redis vsad: go0v When attempting to unmarshal the YAML I get only: map[string]string(nil) My desired goal is to unvault the file, edit the data,…
Simply Seth
  • 3,246
  • 17
  • 51
  • 77
2
votes
1 answer

module user doesn't accept encrypt password generated by ansible-vault?

Recently I used 'user' module to create user with password provided in vars/main.yml - name: Create pamuser user: name: pamuser password: "{{ pamuser_pass }}" groups: wheel append: yes tags: pamuser Once run a playbook, it gives…
Banthita Limwilai
  • 181
  • 1
  • 2
  • 10
2
votes
2 answers

Ansible create encrypted file to an existing vault

I created an encrypted file with ansible vault like so: ansible-vault create encrypted-example-file1 It seems that ansible creates a new vault here, because it asks for new Vault password from me. That is ok, I gave a password for the new Vault to…
Ville Miekk-oja
  • 18,749
  • 32
  • 70
  • 106
2
votes
2 answers

How to use stored Ansible Vault passwords

I'm trying to figure out how Ansible-Vault passwords would've been used in a production environment. I've watched countless of vidoes and tutorials on how to use "Ansible-Vault", they have all conclude with the same thing: Encrypt your file with…
user17378
  • 123
  • 1
  • 5
2
votes
0 answers

How to diff Ansible vault changes using Mercurial?

This answer tells how changes in encrypted Ansible vault can be diffed when using Git. Is it possible to get same results when using Mercurial? I am using Mercurial 3.7.3 and Ansible 2.7.0.
Madoc Comadrin
  • 498
  • 1
  • 12
  • 27
2
votes
0 answers

How to share a vault between separate ansible project

I have 3 separate ansible project. Problem is, they all have their own vault, and I have to redefine some variable in common in all these vaults and change the variable everywhere every time. Is it a way to share a vault between ansible projects…
amdev
  • 3,010
  • 3
  • 35
  • 47
1 2 3
13 14