Here is how to edit a vault protected file :
ansible-vault edit hostvars/blah.yml
Here is how to put a multiline entry like a private key in vault (for a simple value, just don’t use a |
):
ssl_key : |
----- BEGIN PRIVATE KEY -----
blahblahblah
blahblahblah
----- END PRIVATE KEY -----
And here is how to use it in a task :
- copy:
path: /etc/ssl/private.key
mode: 0400
content: '{{ ssl_key }}'
To run a playbook, you will need to pass the --ask-vault
argument or to export a ANSIBLE_VAULT_PASSWORD_FILE=/home/julien/.vault_pass.txt
variable (the file needs to contain a single line with your vault password here).