Ansible - Encrypt a property (password, private key)

About

How to encrypt a string property with ansible-vault

If you want to decrypt it back, see Ansible - Decrypt a property (password, private key).

Syntax

From a literal

  • Inline string
ansible-vault encrypt_string [--prompt] [options] string_to_encrypt

From a file

  • String from the content of a file
cat file | ansible-vault encrypt_string [--prompt] [options] 

For instance, you can encrypt a private key this way.

Example

With an executable password file and without label

  • First create an executable file that will store the Ansible vault passphrase
#!/usr/bin/env bash
echo myVaultPassord
  • Encrypt with a vault id, which here is only a password with no label
ansible-vault encrypt_string --vault-id passwordFile.sh 'password' 
# If you want to have the property name in the output, you can add it as a parameter
# --name 'property_name'
property_name: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          62386330373731643635353932343165306363336336373739316531366536323437396639313033
          6139356564646365303132373830623737356535663434350a613861646230343430396462333465
          38363831353565336537636633616438383230313237316133366631363932623632313236383262
          3238363861363133380a303030653165613538633731353065623366613162656166366563636238
          3533
Encryption successful

With an executable password file and with label

With an executable password file and with a vault label

#!/usr/bin/env bash
echo myVaultPassword
  • With the label dev for instance
ansible-vault encrypt_string --vault-id dev@passwordFile.sh 'foobar' --name 'the_secret'
  • In the value, we can see the dev label coming back in the header.
the_secret: !vault |
          $ANSIBLE_VAULT;1.2;AES256;dev
          32623539663635343531646264366163303738326632613535376633653865643333353536623832
          6136313230363737316465623963326237653063336666310a356137333139323130393933373537
          61623432663236313137303561333830396566613030383431666662326632653333323730316638
          6661353435323536650a376662313430646634643763653766616565326661303438653233656366
          3461
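
Because the header line is written in clear text, the vault id label of an encrypted property can be read without the passphrase, which helps when checking that each secret was encrypted with the intended vault id. The parser below is an added example, not part of the original page or of Ansible; the names `parse_vault_string` and `VaultEnvelope` are hypothetical, and the salt / HMAC / ciphertext payload layout is the vault 1.1/1.2 format, which the page itself does not describe.

```python
import binascii
from typing import NamedTuple, Optional


class VaultEnvelope(NamedTuple):
    version: str
    cipher: str
    label: Optional[str]  # vault id label, only written by format 1.2
    salt: bytes
    hmac: bytes
    ciphertext: bytes


def parse_vault_string(text: str) -> VaultEnvelope:
    """Split an inline !vault value into header fields and payload parts."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # Skip anything before the header, e.g. a "name: !vault |" line.
    start = next((i for i, ln in enumerate(lines)
                  if ln.startswith("$ANSIBLE_VAULT;")), None)
    if start is None:
        raise ValueError("no $ANSIBLE_VAULT header found")
    fields = lines[start].split(";")
    if len(fields) not in (3, 4):
        raise ValueError("unexpected header: %r" % lines[start])
    label = fields[3] if len(fields) == 4 else None
    # Body: hex encoding of three newline-separated hex strings.
    inner = binascii.unhexlify("".join(lines[start + 1:]))
    parts = inner.split(b"\n", 2)
    if len(parts) != 3:
        raise ValueError("payload is not salt/hmac/ciphertext")
    salt, mac, ct = (binascii.unhexlify(p) for p in parts)
    return VaultEnvelope(fields[1], fields[2], label, salt, mac, ct)


# The labelled output shown on this page, copied as-is.
PAGE_SAMPLE = """the_secret: !vault |
          $ANSIBLE_VAULT;1.2;AES256;dev
          32623539663635343531646264366163303738326632613535376633653865643333353536623832
          6136313230363737316465623963326237653063336666310a356137333139323130393933373537
          61623432663236313137303561333830396566613030383431666662326632653333323730316638
          6661353435323536650a376662313430646634643763653766616565326661303438653233656366
          3461
"""

if __name__ == "__main__":
    env = parse_vault_string(PAGE_SAMPLE)
    print(env.version, env.cipher, env.label,
          len(env.salt), len(env.hmac), len(env.ciphertext))
```

For the page's sample it reports format 1.2, cipher AES256, label dev, a 32-byte salt, a 32-byte HMAC and 16 bytes of ciphertext.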




