Questions tagged [ansible-vault]

Use this tag for questions regarding the usage of Ansible Vault for protecting data for playbooks and roles.

Ansible Vault is a feature and an executable program (ansible-vault) in the Ansible family, allowing encryption of variable files, as well as tasks and handlers.

198 questions
91 votes, 22 answers

How to decrypt string with ansible-vault 2.3.0

I have been waiting for ansible 2.3 as it was going to introduce encrypt_string feature. Unfortunately I'm not sure how can I read the encrypted string. I did try decrypt_string, decrypt (the file), view (the file) and nothing works. cat test.yml…
MMT
82 votes, 6 answers

Ansible: How to encrypt some variables in an inventory file in a separate vault file?

The settings Consider an Ansible inventory file similar to the following example: [san_diego] host1 host2 [san_francisco] host3 host4 [west_coast] san_diego san_francisco [west_coast:vars] db_server=foo.example.com db_host=5432 db_password=top…
Adam Matan
44 votes, 5 answers

How to diff ansible vault changes?

I'd like to see the actual git commit changes in the ansible vault file. Is there an easy way how to achieve this?
Ikar Pohorský
31 votes, 3 answers

How to store ansible_become_pass in a vault and how to use it?

I am a newbie to ansible and I am using a very simple playbook to issue sudo apt-get update and sudo apt-get upgrade on a couple of servers. This is the playbook I am using: --- - name: Update Servers hosts: my-servers become: yes …
CristianCantoro
22 votes, 3 answers

Use multiple var files in ansible role

One of my roles has two different variable types. One is public (things like package versions and other benign information). These can be committed to SCM without a worry. It also requires some private information (such as API keys and other secret…
ahawkins
19 votes, 1 answer

how to use include_vars in ansible

I have created my own custom library, I added my custom library in the common folder of my repository. In that I need to pass variables dynamically. It's a confidential password, so I am using "vault" in ansible. In that my requirement is how to…
jake
17 votes, 3 answers

How can I ignore failures to decrypt a vaulted file?

I have two roles, one of which has a group_vars file that is vaulted, and another that is not. I would like to run the role that does not require any vaulted information, but ansible prompts me for a vault password anyway: $ tree ├──…
Shepmaster
15 votes, 7 answers

How to view/decrypt Ansible vault credentials files from within a Python script?

I'm trying to figure out how to provide the following facilities to a Python script so that it can: Import Ansible Python modules Open up my defined ansible.cfg and read vault_password_file variable Read vault_password_file and temporarily store in…
slm
14 votes, 4 answers

How to automatically pass vault password when running Ansible playbook?

I have an Ansible playbook with vault, and I want to ask for vault password through the prompt box in my web interface and then pass the posted password when running ansible playbook. I tried to use: echo $password | ansible-playbook test.yml…
snow
13 votes, 3 answers

Inline encrypted variable not JSON serializable

I'm trying to understand how to encrypt single variables with vault. First I encrypt the string with ansible-vault encrypt_string -n -p, then I write the output into my playbook. When I execute the playbook it says that the decrypted string isn't…
9 votes, 1 answer

ansible vault encrypt string

I'm trying to encrypt some password but would like to encrypt just part of the string instead of the whole file. So there is a command ansible-vault encrypt_string which provides you an encrypted output however when I'm adding it to my .yaml playbook…
user3574248
9 votes, 2 answers

Is it possible to have multi password with vault

I have a deployment project that I share with other teams. I have encrypted my secrets with vault. I would like to encrypt the production file with a password and a staging file with another password to avoid other teams having access to production…
elhostis
8 votes, 1 answer

Ansible Tower (AWX) - using secure variables in a playbook?

Greeting everyone, I've recently started messing with Ansible (in particular Ansible Tower). I ran into an issue using secure values in my playbook, more accurate, I didn't understand how to use it correctly. Compared to Chef-Infra, you could use…
Yehonatan G
8 votes, 1 answer

How can I edit ansible-vault encrypted files in visual-studio-code?

I am using the command line tool ansible-vault and try to edit an encrypted file. EDITOR=code ansible-vault edit test.txt It is expected that code opens with the decrypted content in the editor. After saving ansible-vault should decrypt the…
Andy Pah
8 votes, 1 answer

Can 'extra_vars' receive multiple files?

According to the Ansible documentation defining variables at runtime, it says I can load variables from a file. ansible-playbook release.yml --extra-vars "@some_file" However, in my case I have two files containing extra variables for my playbook…
paperclip