Posted by: terryhowe | May 4, 2016

Ansible Vault Vars and Files

I’ve been talking a lot about Hashicorp Vault lately, but there is also regular old Ansible Vault.  Two of my favorite ways to use Ansible Vault are with include_vars and the file lookup.  With include_vars, you just need to encrypt your entire variables file:

ansible-vault encrypt roles/jenkins/vars/credentials.yml

The variables can be included in your task with no special decryption action:

- include_vars: "credentials.yml"

Similarly, the file lookup plugin automatically decrypts files completely. So, encrypt your certificate:

ansible-vault encrypt roles/project/files/ssl.cert

Use the file lookup plugin to decrypt it and upload it:

- copy: content="{{ lookup('file', 'ssl.cert') }}" dest=/project/config/ssl.cert mode=0400

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: