Questions tagged [ansible-vault]

Use this tag for questions regarding the usage of Ansible Vault for protecting data for playbooks and roles.

Ansible Vault is a feature of Ansible, with its own executable program (ansible-vault), that allows encryption of variable files, as well as tasks and handlers.

198 questions
2 votes, 2 answers

Ansible playbook - environment variables

I am trying (newbie) to set up a playbook, which will use a lookup plugin to fetch secrets from vault (https://github.com/jhaals/ansible-vault), but it will fail on missing environment variables every time. Can anyone help? Thanks for the help. PS:…
MUHAHA
1 vote, 0 answers

Is it possible to add a password to the "become: true" method in an Ansible playbook?

I have a question regarding the use of become: true. I have been researching for a while if there is a way to run the tasks as sudo. I don't want to give -k -K when I run the playbook or something like that. My playbook should run automatically with…
1 vote, 1 answer

Ansible multipassword passfile does not decrypt correctly

I have the following playbook: --- - hosts: all vars_files: - files/test1/.env - files/test2/.env - files/test3/.env roles: - role: test1 - role: test2 - role: test3 All those .env files are encrypted using different…
anonymous
1 vote, 2 answers

Ansible Roles and vars/vault.yml file

I usually use encrypt_string for encrypting secrets in my ansible roles but I have a new boss and he insists on encrypting the whole file but I cannot seem to get that to work with an Ansible role. Here is a simple example that illustrates what…
Red Cricket
1 vote, 1 answer

Is there a way to set an Ansible encrypted var and preserve all special characters?

I have a variable set in an encrypted ansible vault yaml file which has multiple special characters, including < { , " ' [ and %. my_var:
user3155618
1 vote, 1 answer

Ansible Task Using 'ansible.builtin.unvault' lookup

The ansible code below takes an ansible vault (vault.yml) and then uses the ansible.builtin.unvault lookup to retrieve and save the entire vault as the variable full_vault. The output of the debug shows the code in json. This code is working as…
Eric P
1 vote, 1 answer

How do I specify encrypted strings in molecule group_vars? (could not determine a constructor for the tag '!vault')

I have these encrypted strings in my role's var/main.yml file ... --- # vars wiki_password: !vault | $ANSIBLE_VAULT;1.1;AES256 63343237 ... omitted for brevity ... ... and everything works fine. BUT I was told that I need to…
Red Cricket
1 vote, 1 answer

Passing password from vault to unix script

I'm new to ansible. I'm trying to pick the passwords out of a vault file and pass them to a unix script. Created oem_vault.yml under group_vars/all ansible-vault edit groups_vars/all/oem.yml oem_vault: user: sysman password: XXXXXXXXXX 2. create…
1 vote, 0 answers

Decryption failed (no vault secrets were found that could decrypt) on (../secrets.json)

I have a playbook where I want to copy a vault-encrypted json file (and unencrypt on the way) to a raspberry. I encrypted the file using ansible-vault encrypt secrets.json Viewing and decrypting works, also running the playbook with…
telegott
1 vote, 1 answer

How do I store 'ansible' hosts credentials in a different file using 'ansible-vault'?

Right now my inventory file looks like this: (using password-based authentication) [testvm] 104.231.213.32 ansible_user=worker ansible_password=Worker@12345 52.176.22.203 ansible_user=worker2 ansible_password=Worker2@12345 How do I store the…
1 vote, 1 answer

ansible-playbook without --ask-vault-pass?

How can I skip entering the vault password for an ansible playbook? I run the playbook with --ask-vault-pass option, but I do not want to keep entering the vault password every time.
Timur Shtatland
1 vote, 2 answers

playbook-vault error: Please pip install hvac to use the hashi_vault lookup module

- name: Vault Test set_fact: msg: "{{ lookup('hashi_vault', 'secret=secret token=token url=https://address')}}" I have an error when I run this playbook: fatal: [*****]: FAILED! => {"msg": "An unhandled exception occurred while running the…
mario xu
1 vote, 1 answer

How can I specify multiple users and passwords in Ansible vault file?

I have created hosts: sudo cat /etc/ansible/hosts [Prospectorium] 192.168.1.50 [Scholarium] 192.168.1.60 [Bulwark] 192.168.1.70 And a playbook that should update those servers: sudo cat /home/overlord/ansible/apt.yml - hosts: all become: yes …
Lord M
1 vote, 0 answers

Using Ansible to decrypt remote files?

Maybe it's a silly question but... I would like to have an Ansible task that simply decrypts some remote files that have been encrypted with ansible-vault. I had in mind to use the copy module with the option decrypt: yes but it is not working for me…
naeroy
1 vote, 1 answer

Ansible-Vault conf file not being decrypted when running playbook

I'm working on this ansible playbook to sign certificates. Inside the playbook I use a conf file with an api key inside. To hide the key, I have encrypted the file with ansible vault. The problem with this is when I run the playbook, it errors out…
jamesc