Questions tagged [ansible-vault]

Use this tag for questions regarding the usage of Ansible Vault for protecting data for playbooks and roles.

Ansible Vault is a feature and an executable program (ansible-vault) in the Ansible family, allowing encryption of variable files, as well as tasks and handlers.

198 questions
1 vote, 0 answers

Error with ansible vault and github action (Error in vault password file loading (default): Vault envelope format error: list index out of range)

I obtain an error when I use a vault file in GitHub Action. I checked my vault file, yet it seems valid. The playbook works locally, but not with the CI of GitHub Action. Error in vault password file loading (default): Vault envelope format error: list…
1 vote, 1 answer

Look up variables and change them from an ansible vault dynamically

I am new to Ansible and I have problems when I want to replace variables in a configuration file. The case is that I have tags in this file to be replaced by the value found in ansible-vault that has the same name as the tag in the configuration…
Dalio141
1 vote, 1 answer

Ansible - properly encrypting/decrypting and using file content (not YAML)

So I created an encrypted key using ansible-vault create my.key. Then I use it as var: my_key: "{{ lookup('file','{{ inventory_dir }}/group_vars/my.key') }}" And then when running my playbook, like this: - name: Create My Private Key …
Andrius
1 vote, 0 answers

How to get the password from ask-vault-pass as fact to use it inside a playbook

Is there a way to use the password given in ask-vault-pass inside a playbook? Example, assuming I give test123 as vault password and the ask-vault-pass is saved in a fact called "ANSIBLE_VAULT_PASSWORD": ex: $: ansible-playbook -l myhost…
1 vote, 0 answers

Ansible The field 'password' has an invalid value, which includes an undefined variable

I have a problem when I try to launch ansible with this command: ansible -i /etc/ansible/hosts -m ping 10.0.0.4 --vault-password-file /etc/ansible/.lorem output: 10.0.0.4 | FAILED! => { "msg": "The field 'password' has an invalid value, which…
BlueStraax
1 vote, 1 answer

How to use `ansible-vault` `--output` to write the encrypted content to a file?

I'm using ansible-vault 2.10.5. According to the encrypt_string documentation, I can use --output to save the encrypted result. The doc says: --output output file name for encrypt or decrypt; use - for stdout But I tried several…
yaobin
1 vote, 0 answers

Use ansible vault passwords for ask-become-pass and ssh password

I would like to use ansible vault passwords for the ssh and become passwords when running ansible-playbook. This way I don't need to type them in when using the parameters --ask-become-pass or the ssh password. Problem: Every time I run my…
Dave
1 vote, 0 answers

Ansible: ask vault password on demand (only if required)

I have multiple roles. Each of them has its own vault encrypted by a unique pass. I include vault in each role by using: include_vars: vars/encrypted.yml in playbook tasks. To be able to decrypt the data I have to put each VaultID to ansible.cfg or…
1 vote, 1 answer

Ansible vault passwords appear in log if task fails

I am using ansible vault to store my passwords. It's working wonderfully. The issue I have is that when any task fails it shows those passwords in logs. How can I hide these passwords in all the situations? This is my sample task - name: Run python script…
megha
1 vote, 1 answer

Is it possible to parse encrypted Ansible vault values from a dynamic inventory in a playbook?

I have a dynamic inventory set up which pulls hosts and their variables from a MySQL database. The dynamic inventory itself is working perfectly. Some of the variables inside the inventory are sensitive so I would prefer not to store them as plain…
SpongeBobPHPants
1 vote, 2 answers

Using Ansible become password in a task

My playbook is invoked with --ask-become-pass. The become password is supplied via an environmental variable on the Control machine. Everything is working just fine for the many tasks I have which require privilege escalation. However, there's one…
mc7h
1 vote, 2 answers

How to check if an encrypted variable is decrypted?

I have an Ansible encrypted variable. Now I'd like to be able to run my playbook even when I don't unlock the variable (with --ask-vault-pass) and just skip the tasks that depend on it. Ideally with a warning saying that the task was skipped. Now…
Petr
1 vote, 1 answer

How to pass a vaulted yml-file as extra vars?

Couldn't find anything about this. I need to pass a vaulted variable file as extra vars, i.e.: ansible-pull -U -f -C master -d -i hosts --clean --vault-id -e @ Seems like it cannot find the…
apm
1 vote, 1 answer

Ansible task with git module fails with ' and could not be converted to an dict.The error was: need more than 1 value to unpack\n'

Been developing a simple ansible-playbook, one of the tasks is to run a git pull to a folder. Yesterday it was working perfectly, committed and then rebooted my PC to Windows (from Ubuntu). After rebooting with Ubuntu again and running the playbook…
paltaa
1 vote, 1 answer

Encrypting ansible vault-password-file

Are we able to encrypt the ansible vault-password-file too? Because the vault password will be exposed to some hackers if we place it in a password file. Is there any way to provide security to the vault-password-file?