In this video we are going to learn how to use Ansible Vault. Ansible Vault is primarily useful where you want to store confidential data in a public / possibly-not-very-private source control system.
Personally, I do not find much use for the Vault. In my setup, my group_vars, and certain Role default.yml files contain sensitive information. Primarily this relates to User details - passwords being the biggy.
As covered in the previous video, any passwords I use will have been passed through the mkpasswd function, and already be encrypted. As such, storing them in my setup is secure enough - for me. Your requirements may well vary, and as such, for how easy it is to use Ansible Vault, it seems foolish not to cover it.
The official Ansible documentation for Vault covers the main methods:
You can see a demonstration of each of these steps in the first half of the video.
Once our data has been encrypted, using playbooks that contain encrypted data involves an additional option being passed into our
From the docs this looks like:
ansible-playbook site.yml --ask-vault-pass
However, in the real world, should we have encrypted our group_vars, then our command would likely look more like this:
ansible-playbook common-playbook.yml -i hosts -l target -k -K -s --ask-vault-pass
Upon running this command, you will be prompted for the usual passwords (SSH, and sudo), and then the Vault password.
It's not possible to encrypt only values. Or to put it another way, you can only encrypt entire files. I dislike this as it makes the files inherently less useful to me - grepping becomes impossible for example.
You can only have one Vault password per Ansible playbook. That is, everything in this playbook run must use the same Vault password.
For me the cons of using the Vault currently outweigh the pros.
I can live with my hashed passwords being stored inside unencrypted var files for my personal development projects.
For client work I do use the Vault. If you value your clients, I would suggest you do too.
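Because Vault encrypts whole files, an encrypted vars file can be recognised from its first line, which is a header beginning with $ANSIBLE_VAULT;. The shell functions below are an added example (not code from the video or from Ansible itself) that use this to list var files that are still plaintext, for instance as a check before committing. The function names, directory layout and file contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: find var files that are NOT Ansible Vault encrypted by
# checking the first line for the vault header ($ANSIBLE_VAULT;<ver>;<cipher>).

# is_vaulted FILE -> returns 0 if the first line of FILE is a vault header
is_vaulted() {
    first=''
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case "$first" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# list_plaintext DIR -> prints every regular file under DIR without the header
list_plaintext() {
    find "$1" -type f | sort | while IFS= read -r f; do
        is_vaulted "$f" || printf '%s\n' "$f"
    done
}

# check_vars DIR -> returns 1 (and names the files) if any plaintext file exists
check_vars() {
    plain=$(list_plaintext "$1")
    if [ -z "$plain" ]; then
        return 0
    fi
    printf 'not vault-encrypted:\n%s\n' "$plain" >&2
    return 1
}

# make_sample -> builds a constructed group_vars tree and prints its root.
# The "ciphertext" line is made-up hex, not real vault output.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/group_vars/all"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '36316566653930333064' \
        > "$d/group_vars/all/vault.yml"
    printf 'users:\n  - name: deploy\n' > "$d/group_vars/all/users.yml"
    printf '%s\n' "$d"
}

# Demonstration on the constructed tree: users.yml is reported as plaintext.
sample=$(make_sample)
check_vars "$sample/group_vars" || echo "commit would be blocked"
rm -rf "$sample"
```

The header check only tells you a file went through Vault; it says nothing about the strength of the Vault password protecting it.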
If you have found this video helpful, please consider sharing. I really appreciate it.