Ansible Vault Variables — a Tiny Demonstration to Handle Secrets

ansible-vault encrypt_string
New Vault password: <---- you enter your password
Confirm New Vault password: <---- you re-enter the password
Reading plaintext input from stdin. (ctrl-d to end input)
Hello World <---- This is our confidential data
!vault |
$ANSIBLE_VAULT;1.1;AES256
63353565323632376235366164613530666536653063323762363833376637386262363737386636
3531393131633962336161356561666561366238356162310a653637393963636136393464306635
37363964633832313833346538383262653635653930346263336538326438633764313936666533
3564643232333065310a353735333737383832333033336665633165623161343736353438386430
6466
Encryption successful
- name: Vault Demo
hosts: localhost
gather_facts: false
connection: local
vars:
notsecret: Hello123
mysecret: !vault |
$ANSIBLE_VAULT;1.1;AES256
63353565323632376235366164613530666536653063323762363833376637386262363737386636
3531393131633962336161356561666561366238356162310a653637393963636136393464306635
37363964633832313833346538383262653635653930346263336538326438633764313936666533
3564643232333065310a353735333737383832333033336665633165623161343736353438386430
6466

tasks:
- name: Public
debug: msg="Public info..{{ notsecret }}"
- name: Secret
debug: msg="Secret info.. {{ mysecret }}"
ansible-playbook play.yml --ask-vault-pass
ansible-playbook play.yml  --vault-password-file ./play-vault-pass.txt

Sreeprakash Neelakantan

Written by

AWS Certified DevOps Engineer & Solutions Architect Professional — Docker | Kubernetes | DevOps — Trainer | Running | Swimming | Cycling

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade