- # Prerequisites
- pip install cryptography
- # Create the file
- The `EDITOR` environment variable is optional; I set it here to show how to force the use of one editor instead of another.
- Before the vault is created, you will be prompted twice for the password.
- cd <where you will have the main yml playbook/role file>
- EDITOR=nano ansible-vault create vars/main.yml
- # Example of the `vars/main.yml` file
- This folder and the related file must be created under the root of the Ansible project, so the `vars` folder must be at the same level as the playbook or the `roles` folder.
- ---
- desktop_username: "mymailisnotdifferent@yahoo.it"
- desktop_password: "0hMyGoat!"
- > Warning! Copy/pasting from the previous snippet could bring in the wrong quotes! Manually check that you are using the standard double quote character (`"`) and _not the typographic version_ (`”`).
- Using `nano`, press `Ctrl+O` and then `Ctrl+X` to save; using `vi`, type `:wq` after pressing the `ESC` key.
- _The file will be automatically encrypted when you exit the editor._
- # Show the _encrypted_ content of the vault
- cat ./vars/main.yml
- This command shows the file _in its actual encrypted form_, for example (a header line followed by the hex-encoded payload):
- $ANSIBLE_VAULT;1.1;AES256
- # Show the _decrypted_ content of the vault
- The following command shows you the file content after you have successfully entered the password. _This command does not alter the file; it remains encrypted._
- ansible-vault view ./vars/main.yml
- For example:
- ---
- desktop_username: "mymailisnotdifferent@yahoo.it"
- desktop_password: "0hMyGoat!"
- # Example of how to use the vault's vars in a playbook
- tasks:
-   - name: 'Include some additional variables'
-     tags: 'debug'
-     include_vars: main.yml
-   - win_get_url:
-       username: "{{ desktop_username }}"
-       password: "{{ desktop_password }}"
-       # ....
- **Please Note:** `include_vars` must be used at the task level; it also assumes that a `vars` folder exists at the same level as the playbook and that the `main.yml` file is inside it.
- # Avoid entering the password every time
- Create a plain text password file, but _please keep it deleted, ignored via .gitignore, and away from customer's or coworkers' eyes_.
- See the directive `DEFAULT_VAULT_PASSWORD_FILE` in `/etc/ansible/ansible.cfg`; it is currently at row 130, but obviously this row number will change.
- vault_password_file = /home/realtebo/.password
- So you can run
- ansible-playbook -l <host_pattern> <playbook_file.yml>
- without entering the password at all!
- :)
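- A check to run before committing, covering the two points above: that `vars/main.yml` really is a vault envelope, and that the password file is not readable by other users. This is an added example, not part of the original paste or of Ansible itself; the function names are hypothetical and the sample vault is built from random bytes, not real ciphertext.

```python
import binascii
import os
import stat


def parse_vault(text):
    """Split a vault file into (salt, hmac, ciphertext); ValueError if it is not one."""
    lines = text.strip().splitlines()
    header = lines[0].strip().split(";") if lines else []
    if len(header) < 3 or header[0] != "$ANSIBLE_VAULT" or header[2] != "AES256":
        raise ValueError("no vault header: content is stored in plain text")
    try:
        # Body = hex of b"<hex salt>\n<hex hmac>\n<hex ciphertext>", wrapped at 80 columns.
        inner = binascii.unhexlify("".join(l.strip() for l in lines[1:]))
        salt, mac, ciphertext = (binascii.unhexlify(p) for p in inner.split(b"\n"))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"malformed vault payload: {exc}") from None
    if len(salt) != 32 or len(mac) != 32 or not ciphertext:
        raise ValueError("unexpected salt or HMAC length")
    return salt, mac, ciphertext


def password_file_problems(path):
    """Report permission bits that let group or other users access the password file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path}: mode {mode:03o} is open to group/others, use 0600"]
    return []


def make_sample_vault():
    """Constructed sample: random bytes in the vault envelope, not real ciphertext."""
    fields = [os.urandom(32), os.urandom(32), os.urandom(48)]
    inner = b"\n".join(binascii.hexlify(f) for f in fields)
    body = binascii.hexlify(inner).decode()
    wrapped = "\n".join(body[i:i + 80] for i in range(0, len(body), 80))
    return "$ANSIBLE_VAULT;1.1;AES256\n" + wrapped + "\n"


if __name__ == "__main__":
    salt, mac, ct = parse_vault(make_sample_vault())
    print(f"vault ok: salt={len(salt)}B hmac={len(mac)}B ciphertext={len(ct)}B")
    try:
        parse_vault('---\ndesktop_password: "constructed-example"\n')
    except ValueError as err:
        print("plain file rejected:", err)
```

- To use it on a real project, pass the text of `vars/main.yml` to `parse_vault` and the path set in `vault_password_file` to `password_file_problems`.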
- Comments are very appreciated!