Ansible terminology — What is an Ansible Vault?

How to store variables and files in an encrypted way using the ansible-vault command line utility.

Luca Berton

--

What is an Ansible Vault?

How to store variables and files in an encrypted way.

I will show you a live demo with some simple Ansible code.

I’m Luca Berton, and welcome to today’s episode of Ansible Pilot.

Ansible Vault

Ansible Vault encrypts variables and files to protect sensitive content and lets you use them in Playbooks, Roles, and Collections.

Ansible Vault stores variables and files encrypted and lets you use them in Vaults or roles. The cipher used to protect files is AES 256 in recent versions of Ansible.

Links

demo

I will show you how to encrypt one password using the ansible-vault command line utility.

Let’s assume that the password is currently stored in a single Ansible file (YAML) called plain-to-encrypted.yml.

code

  • plain-to-encrypted.yml
---
password: mysupersecretpassword

encryption

I’m going to encrypt the source file using the ansible-vault command:

ansible-vault encrypt plain-to-encrypted.yml 
New Vault password:
Confirm New Vault password:
Encryption successful

before

$ cat plain-to-encrypted.yml 
---
password: mysupersecretpassword

after

$ cat plain-to-encrypted.yml 
$ANSIBLE_VAULT;1.1;AES256
32303838636131363238666462336132613234323239316136336164343638653532306536306462
3933646539656462396264666232636133663831613463390a653638663934393761616636643638
34383235323539323366616361363664343462616265343333346162303633373333643637323066
3063343037366364300a356434653461316234323830333737656563623030383631663937363931…

--

--

Luca Berton

I help creative Automation DevOps, Cloud Engineer, System Administrator, and IT Professional to succeed with Ansible Technology to automate more things everyday