Secure Secrets with Ansible Vault: Use Encrypted Strings

Secure secrets by encrypting strings using Ansible Vault.

Some variables do not contain sensitive information. Those variables could also be instrumental when troubleshooting. And in certain situations, it might not make sense to encrypt the entire file, making discovery more difficult.

Perhaps we only want to encrypt the sensitive variables and not the whole file. Ansible Vault can do that, too.

You will create an encrypted string for the ansible_password variable and decrypt the group variable files.

  1. Generate an encrypted string variable for ansible_password. When prompted, enter the vault password.

    • Replace <Password> with the ansible user password.

    • Copy the ansible_password encrypted string value to the clipboard.

Get hands-on with 1000+ tech skills courses.