Secure Secrets with Ansible Vault: Use Encrypted Files
There is a secret we have been using. It’s the password of the Ansible user that is stored in cleartext. Having it stored in clear text isn’t good, but having it stored within a Git repository is even worse. Luckily, Ansible has a solution.
Ansible Vault is a feature that allows you to encrypt files or strings to store sensitive data such as passwords and keys. These encrypted values are safe to store in source control. They are decrypted with the following options on the Ansible commands:
Using encrypted files
Ansible Vault has the ability to encrypt entire files. Using Ansible Vault, you can create an encrypted file that stores the variables.
You will encrypt the
windows.yml group variable files.
- Encrypt the
linux.ymlvariable file; when prompted, enter the
decryptpassword. Use the following command,