@vinnie357
Last active June 13, 2019 17:49

Working With Ansible Vault

based on:
https://gist.github.com/tristanfisher/e5a306144a637dc739e7
https://docs.ansible.com/ansible/latest/user_guide/playbooks_vault.html

Creating Variables

nano vault.yml

web_pass: "admin"
ssh_pass: "default"

encrypt your hosts vault file

ansible-vault encrypt vault.yml

Note

this will prompt for a new vault password; the same password is needed to decrypt the file when running a playbook


accessing your variables in a playbook

example:

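- name: test vault
  gather_facts: no
  hosts: "vault"
  vars:
    provider: "{{ hostvars[inventory_hostname]['provider'] }}"
    # path to the encrypted file; not referenced by the tasks below,
    # because files under host_vars/<host>/ are loaded automatically
    vault: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}/vault.yml"
  tasks:
    - set_fact:
        webpass_out: "{{provider.webpass}}"
        sshpass_out: "{{provider.sshpass}}"
    # prints the decrypted values to show that the vault was read
    - debug:
        msg: "{{webpass_out}},{{sshpass_out}}"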

folder structure:

host_vars
  test_vault
    vars.yml
    **vault.yml**

files:

vars.yml

provider:
  webpass: "{{ web_pass }}"
  sshpass: "{{ ssh_pass }}"

vault.yml

$ANSIBLE_VAULT;1.1;AES256
63316530363438666564643764323633376538616130323238373166353334366162646537646433
6164663434333765616363336264623032396363383539350a386330623665333335393766636139
63396434396338373364313137393164396565373430303331613834306163353264313765353739
3364366466323137610a666437666233393032353434306464313261626238393639393564343537
32343539326233303962613664333436376239353965306535363830356636616337663964636635
6631323862643061383966363935656438313566626366396166

prompt for pass:

ansible-playbook test.yml --ask-vault-pass

pass from file:

ansible-playbook test.yml --vault-password-file ~/.vault_pass.txt
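
checking the layout before committing (an added example, not part of the original gist): the script lists any host_vars/*/vault.yml that does not start with the $ANSIBLE_VAULT header and verifies that the file given to --vault-password-file has no group or other permission bits. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks for the host_vars layout and password file used above.
# Function names are hypothetical; paths are passed in as arguments.

# Print every host_vars/*/vault.yml whose first line lacks the Ansible Vault
# header. Returns 1 if any plaintext vault file is found, 0 otherwise.
find_plaintext_vaults() {
    root=$1
    found=0
    for f in "$root"/host_vars/*/vault.yml; do
        [ -f "$f" ] || continue
        # An encrypted file starts with e.g. "$ANSIBLE_VAULT;1.1;AES256".
        first=$(head -n 1 "$f")
        case $first in
            '$ANSIBLE_VAULT;'*) ;;
            *) printf '%s\n' "$f"; found=1 ;;
        esac
    done
    return $found
}

# Succeed only if the vault password file exists and has no group/other
# permission bits set (for example mode 600).
pass_file_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Usage when run directly: sh check_vault.sh <inventory_dir> <password_file>
if [ "$#" -eq 2 ]; then
    find_plaintext_vaults "$1" && pass_file_is_private "$2"
fi
```

run it from a pre-commit hook or CI job; a non-zero exit status means a vault.yml is still plaintext or the password file is too widely readable.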
