Last active
December 8, 2023 11:24
$ ansible --version | |
ansible [core 2.16.1] | |
config file = None | |
configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] | |
ansible python module location = /home/user/.local/lib/python3.10/site-packages/ansible | |
ansible collection location = /home/user/.ansible/collections:/usr/share/ansible/collections | |
executable location = /home/user/.local/bin/ansible | |
python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0] (/usr/bin/python3) | |
jinja version = 3.1.2 | |
libyaml = True | |
$ tree | |
. | |
├── run_ansible.sh | |
├── test_encryption.sh | |
├── test_playbook.yml | |
└── test_var.yml | |
0 directories, 4 files | |
$ cat test_var.yml | |
test_var: toto | |
$ # I will use toto as password | |
$ ansible-vault encrypt test_var.yml | |
New Vault password: | |
Confirm New Vault password: | |
Encryption successful | |
$ # We can check the file is correctly encrypted | |
$ cat test_var.yml | |
$ANSIBLE_VAULT;1.1;AES256 | |
61393565363161666536326162346135613736623238393839636533336666333331343339646239 | |
3838333136343936613430373765383664383364333163620a383636343736373638396439306331 | |
36636562383561653737366661336364653037613938366164386364383134636238336431663261 | |
3466363236336564660a363935303863333734353863313031666334346338373034333561653731 | |
3939 | |
$ # As a first test of the solution let's check the content of the encrypted file using a script | |
$ cat test_encryption.sh | |
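#!/bin/bash
# Prompt for the vault password, lowercase it, and print the decrypted content
# of test_var.yml.
#
# --vault-password-file=/bin/cat works because Ansible runs an executable
# password file and uses its stdout as the password. cat relays whatever is
# piped to it, so the secret is passed on stdin and never stored in a file.

# -r keeps backslashes in the typed password literal. Adding -s as well would
# stop the terminal from echoing the password while it is typed.
read -r -p "Please enter the Ansible Vault password ? : " vault_password

# Quoted expansion through printf: an unquoted echo would word-split the
# password, glob-expand characters such as * against the current directory and
# treat a value like -n as an option.
# ${var,,} folds the input to lowercase. The vault must therefore have been
# encrypted with the lowercase form, and the effective password space shrinks
# because case no longer counts.
printf '%s\n' "${vault_password,,}" | ansible-vault view test_var.yml --vault-password-file=/bin/cat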
$ ./test_encryption.sh | |
Please enter the Ansible Vault password ? : toto | |
test_var: toto | |
$ # And without surprise, we can use that file in a playbook we call from the same kind of script | |
$ cat test_playbook.yml | |
--- | |
- hosts: localhost | |
gather_facts: false | |
vars_files: | |
- test_var.yml | |
tasks: | |
- debug: | |
var: test_var | |
$ cat run_ansible.sh | |
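#!/bin/bash
# Prompt for the vault password, lowercase it, and run test_playbook.yml with
# it so the encrypted vars file can be loaded.
#
# --vault-password-file=/bin/cat works because Ansible runs an executable
# password file and uses its stdout as the password. cat relays whatever is
# piped to it, so the secret is passed on stdin and never stored in a file.

# -r keeps backslashes in the typed password literal. Adding -s as well would
# stop the terminal from echoing the password while it is typed.
read -r -p "Please enter the Ansible Vault password ? : " vault_password

# Quoted expansion through printf: an unquoted echo would word-split the
# password, glob-expand characters such as * against the current directory and
# treat a value like -n as an option.
# ${var,,} folds the input to lowercase. The vault must therefore have been
# encrypted with the lowercase form, and the effective password space shrinks
# because case no longer counts.
printf '%s\n' "${vault_password,,}" | ansible-playbook test_playbook.yml --vault-password-file=/bin/cat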
$ ./run_ansible.sh | |
Please enter the Ansible Vault password ? : toto | |
PLAY [localhost] ************************************************************************************************************************************************************************************************** | |
TASK [debug] ****************************************************************************************************************************************************************************************************** | |
ok: [localhost] => { | |
"test_var": "toto" | |
} | |
PLAY RECAP ******************************************************************************************************************************************************************************************************** | |
localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 |