Stack Overflow
Stack Overflow

Questions tagged [ansible-vault]

Use this tag for questions regarding the usage of Ansible Vault for protecting data for playbooks and roles.

Ansible Vault is a feature and an executable program (ansible-vault) in Ansible family, allowing encryption of variable files, as well as tasks and handlers.

198 questions
1
vote
1 answer

How to define a script that provides the become password in ansible

I have successfully set up a vault_password_file that contains a script to read the password from Bitwarden. I want to do the same for the "become password" but don't see where and how that would be possible. The ansible.cfg…
berkes
  • 26,996
  • 27
  • 115
  • 206
1
vote
1 answer

Ansible ad-hoc command with ansible vault

I want to pass in a password to ansible. The pass is encrypted with ansible vault and I have it in a file and I have the ansible vault pass available for decryption. I need to use that decrypted password as ansible_password. So far I have: run.sh:…
David West
  • 2,256
  • 6
  • 32
  • 62
1
vote
1 answer

Best Ansible layout with multiple environments

I am utterly confused about how to manage multiple environments(prod/dev) with ansible. I am also using molecule to test locally. So here is my Project layout as of now. |----inventories/ | | | |--dev/ | | | | | …
Lukas B
  • 49
  • 1
  • 8
1
vote
2 answers

Ansible - Syntax to point a variable to a variable in a vault

Trying to use an ansible-vault to hold a sensitive password, but I can't find the right syntax to retrieve it in a playbook. The doc mentions (Emphasis mine): Next, copy all of the sensitive variables over to the vault file and prefix these…
Kinwolf
  • 755
  • 2
  • 14
  • 24
1
vote
1 answer

How to encrypt variables using Ansible Vault?

I'm trying to use encryption for my sensitive information like e.g passwords etc. The question is: How to use ansible-vault to encrypt variables and use them in playbooks? I know how to encrypt a string (shown below), but I don't know how I can…
Heihade1
  • 79
  • 3
  • 8
1
vote
1 answer

How to encrypt WIndows password in Jenkins and pass it to an Ansible job?

I have been trying to run an Ansible job from my Jenkins server onto a Windows host that is connected to a domain. I have tried the following for authentication. This first method works, but it has my password saved in plain text and I would like…
RaptorPete
  • 139
  • 12
1
vote
1 answer

Store password in Ansbile Vault and retrieve that key from Python script using API

I have a requirement where I should not store any passwords in the script files in plain text. So I have created an Ansible vault file called "vault.yml" which contains username and password. Is there some kind of API that I can use to look up this…
james koo
  • 43
  • 6
1
vote
0 answers

ansible-vault setup to handle the environment variables

Hello there thanks for helping me, I am trying the secure my environment variables (staging/production) using the Ansible-vault. and I need to give the encrypted data's in the knexfile.jslike this: production: { client: 'mysql', connection: { …
sethupathi
  • 81
  • 1
  • 3
1
vote
0 answers

Ansible vault single variable within ansible filters

I'm using this role to install google-cloud-sdk. There's a task with Activate service account name, which's using ansible filter from_json to get data from the GCE service account key. Since storing sensitive data in the git repo isn't a good…
d.ansimov
  • 2,131
  • 2
  • 31
  • 54
1
vote
1 answer

Using ansible-vault in "interactive mode" via bash script

I really love using ansible-vault on the command-line to encrypt/decrypt files easily. For example if I have a plaintext file called ~/fizzbuzz.foo with the following contents: bupo I can use this tool like so: ansible-vault encrypt…
hotmeatballsoup
  • 385
  • 6
  • 58
  • 136
1
vote
2 answers

Ansible vault shows decrypted values if playbooks executed with debug mode

I am using ansible vault to encrypt the password, but when I am using debug mode it shows the password as plain text. Consider below code Generate ansible-vault encrypted password ansible-vault encrypt_string 'abc123' --name ansible_ssh_pass >…
va1bhav
  • 365
  • 1
  • 5
  • 21
1
vote
1 answer

Ansible lineinfile not copying last line to server

I am trying to copy a secret Python settings file from a settings server to the production environment. Since the settings contains passwords I am using Ansible Vault. My playbook looks like this: --- - hosts: production tasks: - include_vars:…
Magnus Lundberg
  • 596
  • 1
  • 4
  • 17
1
vote
1 answer

Ansible: How to use regular and encrypted variables from dictionaries in group_vars?

I am trying to split my group_vars into unencrypted "vars" and encrypted "vault". As the official documentation is quite short, I followed a very thorough tutorial given here. With their example setup I can make it work. The vars file references…
smey
  • 13
  • 3
1
vote
1 answer

Ansible with "Alternative Directory Layout" and using vaults

I am trying to use the Alternative Directory Layout and ansible-vaults within. But when i run my playbook, variables which are vault encrypted could not resolve with that directory structure. So what iam doing wrong? I execute via: ansible-playbook…
nieg
  • 13
  • 3
1
vote
2 answers

Launch Ansible playbook containing vault file reference from jenkinsfile

I have a Jenkinsfile trying to launch an Ansible playbook which references some parameters stored in an Ansible vault encrypted file. Ansible is installed in version 2.4.0.0 Here is a snippet of my jenkins file: withCredentials([[$class:…
Lucas.de
  • 555
  • 8
  • 17
1 2 3
13 14