RSS

Ansible vault example

Ansible vault example

Here is how to edit a vault protected file :

ansible-vault edit hostvars/blah.yml

Here is how to put a multiline entry like a private key in vault (for a simple value, just don’t use a |):

ssl_key : |
  ----- BEGIN PRIVATE KEY -----
  blahblahblah
  blahblahblah
  ----- END PRIVATE KEY -----

And here is how to use it in a task :

- copy:
    path: /etc/ssl/private.key
    mode: 0400
    content: '{{ ssl_key }}'

To run a playbook, you will need to pass the --ask-vault argument or to export a ANSIBLE_VAULT_PASSWORD_FILE=/home/julien/.vault_pass.txt variable (the file needs to contain a single line with your vault password here).

Ressources