Secure Secrets with Ansible Vault: Use Encrypted Files

Secure secrets by encrypting files using Ansible Vault.

We'll cover the following

There is a secret we have been using. It’s the password of the Ansible user that is stored in cleartext. Having it stored in clear text isn’t good, but having it stored within a Git repository is even worse. Luckily, Ansible has a solution.

Ansible Vault

Ansible Vault is a feature that allows you to encrypt files or strings to store sensitive data such as passwords and keys. These encrypted values are safe to store in source control. They are decrypted with the following options on the Ansible commands:

  • --ask-vault-pass
  • --vault-password-file
  • --vault-id

Using encrypted files

Ansible Vault has the ability to encrypt entire files. Using Ansible Vault, you can create an encrypted file that stores the variables.

You will encrypt the linux.yml and windows.yml group variable files.

  1. Encrypt the linux.yml variable file; when prompted, enter the decrypt password. Use the following command,

Get hands-on with 1000+ tech skills courses.