Stack Overflow
Stack Overflow

Questions tagged [ansible-vault]

Use this tag for questions regarding the usage of Ansible Vault for protecting data for playbooks and roles.

Ansible Vault is a feature and an executable program (ansible-vault) in Ansible family, allowing encryption of variable files, as well as tasks and handlers.

198 questions
1
vote
2 answers

Ansible Vault Password in variable

Is there a way to access the vault password as a variable in an Ansible playbook? I am looking for something like this: --- debug: var=ansible_vault_password
Thomas
  • 793
  • 1
  • 8
  • 16
1
vote
1 answer

Creating an ansible-vault from ansible

Can I create a ansible-vault file from within ansible? I am creating a deployment package for another server (to be run locally) from ansible and I want to encrypt sensitive data (the key itself is transferred over a different channel). Does…
Nathan
  • 7,099
  • 14
  • 61
  • 125
1
vote
1 answer

Ansible playbook with vault file

I'm attempting to run a playbook using a vault file, according to the docs by using the --vault-password-file option. Here is my command: sudo -u ubuntu -H sh -c "cd ~/overseer; ansible-playbook generate_keys.yml -l mgmt --vault-password-file…
ddavison
  • 28,221
  • 15
  • 85
  • 110
1
vote
1 answer

Ansible Vault - .json not unencrypted

I have a .json file which I have successfully encrypted with ansible vault: { "database": { "username": "root", "password": "mypassword", "host": "127.0.0.1:3306", "name": "database" } } Encrypted with: ansible-vault encrypt…
Elliot Reeve
  • 901
  • 4
  • 21
  • 39
0
votes
1 answer

Ansible Vault: Including the password of file within the playbook

I need to run a Playbook with Inventory file, which is password protected. I know that we can give password by prompt (when running the playbook) or using secret file which have the password of inventory. My question is "is there a way to specify…
Arun Swiftz -1
  • 5
  • 2
0
votes
2 answers

Ansible Vault Passwords Exposed in Plain Text During Execution

I am actually using Ansible to create user, with passwords stored in an Ansible Vault. However, I've encountered an issue where the passwords, despite being in the Ansible Vault, are displayed in plain text in the console output during playbook…
Mrbibi38
  • 38
  • 5
0
votes
1 answer

ansible-vault with multiple ids and macOS keychain

My goal is to use ansible-vault with multiple IDs (e.g. dev and prod) and retrieve the correct password (for dev or prod) from macOS keychain. I have tried many configuration combinations, but the most promising seems to be what I describe here.…
Andreas
  • 71
  • 6
0
votes
1 answer

How can I write vault encryped string »as is« to a file without being ask for the vault password?

Within a playbook I am created a key pair. I want to store both keys. To do that I want to encrypt them using ansible vault. So the playbook look like that: - name: Generate ECDSA Keypair openssh_keypair: path: "{{ ssh_key_file }}" type:…
philipp
  • 15,947
  • 15
  • 61
  • 106
0
votes
0 answers

Failed to parse ansible vault password in hosts.txt file with ini plugin

My hosts file was working fine when I use a normal ansible password. But when I switched it to ansible vault password, I get these errors: [WARNING]: * Failed to parse /var/lib/awx/projects/Windows/hosts with yaml plugin: We were unable to read…
Whaily
  • 39
  • 6
0
votes
0 answers

Ansible SSH user/pass Invalid Argument -> host unreachable Solution, but why?

I change the default SSH Port in a (still) user/pass setup. After the port change and client-reboot, Ansible cannot connect any more and displays a fatal with invalid argument. I run this from Windows -> WSL.Ubuntu I figured out, the error can be…
Max
  • 395
  • 1
  • 3
  • 12
0
votes
0 answers

Make ansible reprompt for password if `--ask-vault-pass` entered password does not decrypt?

When I use --ask-vault-pass and enter the password correctly. The playbook works. When I use --ask-vault-pass and enter the password incorrectly. The error msg: Decryption failed (no vault secrets were found that could decrypt) and the playbook…
Dave
  • 727
  • 1
  • 9
  • 20
0
votes
1 answer

Dynamically fetching passwords from ansible-vault in a playbook

I struggle with fetching a variable from vault file. I know there are many useful information here on stackoverflow already. The reason for opening a new question is because it's a special workflow in my playbook. I'm open for constructive critic to…
dbalucas
  • 9
  • 1
  • 5
0
votes
1 answer

Reading and decoding bytes after modification by external process raises UnicodeDecodeError

I'm trying to encrypt a string with ansible-vault. To do this, I open two temporary files, one to hold the value to be encrypted and one to hold the password to encrypt with. Reproducible example: import os import subprocess import tempfile value =…
Tadej Gašparovič
  • 17
  • 4
0
votes
2 answers

Ansible + Python - Programmatically provide ansible-vault the vault password

I followed the tutorial provided here : Editing Ansible vault file from a playbook to create the ability to programmatically update my ansible vaults. Let's say though this is part of a much larger pipeline, where it unreasonable to expect the end…
Jibril
  • 967
  • 2
  • 11
  • 29
0
votes
2 answers

Ansible: How do I link Variables, stored in a Vault to a specific host?

I want to encrypt my host credentials in a central secrets.yml file. How can I tell Ansible, to use the variables? I tried with this setup: host_vars/test.yml ansible_user: {{ test_user }} ansible_become_pass: {{ test_pass }} secrets.yml #…
liegendeacht
  • 1
1 2 3
13 14