Secure Secrets with Ansible Vault: Use Encrypted Strings
Some variables do not contain sensitive information. Those variables could also be instrumental when troubleshooting. And in certain situations, it might not make sense to encrypt the entire file, making discovery more difficult.
Perhaps we only want to encrypt the sensitive variables and not the whole file. Ansible Vault can do that, too.
You will create an encrypted string for the
ansible_password variable and decrypt the group variable files.
Generate an encrypted string variable for
ansible_password. When prompted, enter the vault password.
<Password>with the ansible user password.
ansible_passwordencrypted string value to the clipboard.