- A Cloud Guru
Securing a Playbook with Ansible Vault
Information is power, and keeping power in the proper hands is important for every system administrator. One method of doing it is by encrypting files that have sensitive information, like passwords, in them. This is especially important when doing something like using `git` to keep playbooks managed. This lab will help practice doing this and working with Ansible. *This course is not approved or sponsored by Red Hat.*
Table of Contents
Write the Playbook to be Encrypted
Note: Please wait an extra minute after the lab starts to make sure all the resources for the lab are ready.
dba-pass.yml, should look similar to this once we're done editing it:
--- - name: Deploy DBA password file hosts: dbservers become: yes tasks: - name: Create and pgapass file lineinfile: line: 'LinuxAcad' create: yes owner: dba group: dba mode: 0600 path: /home/dba/.pgpass
Encrypt the Playbook
To encrypt the playbook, we'l run this:
ansible-vault encrypt dba-pass.yml
Give a password, then confirm that password, and do not forget that password.
Now if we try to read that file (cat
dba-pass.yml) we'll get a bunch of useless numbers across the screen.
Run the Encrypted Playbook
To run this encrypted playbook, we'll use this command:
ansible-playbook --ask-vault-pass dba-pass.yml
Once we supply the vault password, Ansible will run the playbook just like it would any other.
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.