Main Page

Wednesday, 3 March 2021

Ansible vault examples

 Create a new playbook with ansible vault command to encrypt

[osboxes@master ansible-playbooks]$ ansible-vault create myplaybook.yml

New Vault password:

Confirm New Vault password:


Playbook is in encrypted format

[osboxes@master ansible-playbooks]$ cat myplaybook.yml
$ANSIBLE_VAULT;1.1;AES256
33323364653962656634346462396431306336343534663265646663356463623036656563313931
3264313266393965316435666439316661623763356164630a356463646366343662666637323263
34356433343061313432386262376566393536663930653030333863393130336563353931613466
3432343361613631620a396235363864663639306465396230366564666630616666336161316265
33613338666264323735326336303537353663363835316330393239666634366461383935373962
62646338663339333132646465343664613439316464373133633630656664663630343161633465
65316136653964313663363133636430663132393936326630656430383931373233646436663661
65663663383336643463653338326439353330376532363866663936366237646635386138383835
65363366616161393038656262373631633439356433336133653435626136616137633136336164
38623636326134633435306630613936313565376264666564303032383531393137666662653930
62323366343032613137393064353836396233313433666263396536666163666134313865383430
61333436626233633337323834633564636265333930333464366232663366326238313833363166
65633465666434616262303136383032643737653061323935373633353464653331


Command to view the exiting encrypted playbook

[osboxes@master ansible-playbooks]$ ansible-vault view  myplaybook.yml
Vault password:
---
- name: sample playbook
  hosts: all
  become: true
  become_user: root
  tasks:
    - name: create a user
      user:
        name: pavan
        uid: 3405
        state: present

Create a new playbook and supply a ansible vault password from a file

[osboxes@master ansible-playbooks]$ cat password.txt
abcdef123

[osboxes@master ansible-playbooks]$ ansible-vault create mynewplaybook --vault-password-file=password.txt

Note: this will not prompt you for the password rather is uses the password from a file.

How to edit an exiting encrypted ansible playbook

[osboxes@master ansible-playbooks]$ ansible-vault edit mynewplaybook
Vault password:



How to encrypt existing plain text playbook or file


[osboxes@master ansible-playbooks]$ cat inventory.txt
linuxhost

[osboxes@master ansible-playbooks]$ ansible-vault encrypt inventory.txt
New Vault password:
Confirm New Vault password:
Encryption successful

[osboxes@master ansible-playbooks]$ cat inventory.txt
$ANSIBLE_VAULT;1.1;AES256
33363732386161363837306334323835353030636361626661656234646264656133316330346333
6430633838646432366338636162343861363363343633660a326531356235633338386234646466
63316530353162313635623466353465346161386363666239313931333533383532663763623565
6632653536396461340a373662323165663661616531663861626236623763646431623636313365
6137

How to decrypt an excising encrypted file

[osboxes@master ansible-playbooks]$ ansible-vault decrypt inventory.txt
Vault password:
Decryption successful

[osboxes@master ansible-playbooks]$ cat inventory.txt
linuxhost

How to encrypt a exiting file and output to a new file.

[osboxes@master ansible-playbooks]$ cat myplaybook.yml
---
- name: sample playbook
  hosts: all
  become: true
  become_user: root
  tasks:
    - name: create a user
      user:
        name: pavan
        uid: 3405
        state: present
    - name; create a second user
      user:
      name: kumar
      uid: 3406
      state: present

[osboxes@master ansible-playbooks]$ ansible-vault encrypt myplaybook.yml --output=myplaybook-new.yml
New Vault password:
Confirm New Vault password:
Encryption successful

[osboxes@master ansible-playbooks]$ ansible-vault encrypt myplaybook.yml --output=myplaybook-new.yml
New Vault password:
Confirm New Vault password:
Encryption successful
[osboxes@master ansible-playbooks]$ cat myplaybook.yml
---
- name: sample playbook
  hosts: all
  become: true
  become_user: root
  tasks:
    - name: create a user
      user:
        name: pavan
        uid: 3405
        state: present
    - name; create a second user
      user:
      name: kumar
      uid: 3406
      state: present

[osboxes@master ansible-playbooks]$ cat myplaybook-new.yml
$ANSIBLE_VAULT;1.1;AES256
65346362393834646664663363623633376465636133353733333163643538646333386635356464
3766333336353132323830343139613966363034323062330a633664653731336564643738343638
63623463333666393931313061363232306263663036613534303065653930653066626634336633
3933656663353661350a663261626566383666333631623066313333356266306561626633323435
33356238326339396262666237616662646563306238356561386433363735633733626466376532
63363162353966616164613631646266636661646433646265396335316437333936613737386335
66666561363938303563613031333433343361393135623230626464323138386463643231353837
64663137656565373538386134653038326232353666613633643762346339383739383330313634
61373366353139633265623061323237653734393236383937663862646335633764313336356533
63633831626131623936663663323263313130363330376662383837383062323264636137366638
64333966326463643730356463613636623231643835356531616434616566383034376332636163
31633165363965336536356531356561663964666630313262633263636566323433653937653934
36636561303162346533313332303661343630303564306137353438643534393966356364346635
38373366616337623636363331316639376166373739376562313761623230343039336236376339
66373331343031616463326535363838653739623461643065306562353464656234333465393833
64376332376436643661633463393763303663643934333733383963663833326638313438656133
33613566383263616265363962356633356331383032343062336232333463316532373463633738
3632613562623837396338626136353833613762323861303337



How to change the password of encrypted file 

[osboxes@master ansible-playbooks]$ ansible-vault rekey  myplaybook-new.yml
Vault password:
New Vault password:
Confirm New Vault password:
Rekey successful

How to run encrypted playbook

[osboxes@master ansible-playbooks]$ cat linux-user.yml
$ANSIBLE_VAULT;1.1;AES256
66656130323264306261626638333937653734616232643762663164353661383537366634326439
3161363539653865346136353133313037623662653336360a393731373363343266383630653635
66353537313666306338303364633131376466376465373962323161353131646332643331303232
3436626635633631370a336361653664613633353661336631656234623332666438633134313564
31363161626330363437633739313961396438646537383566643862336634646134613831323538
65313364643363613363623937653439376363343266613065623236393237333236643532356666
66643231663631393935326537616261353432346434643861343036333964623061386335383336
63343062643930306539373537326661623238653333653564646635376232626638326534343633
37646434303633313138313433316561306362323537646162663939323837613664663362633261
31316130656461333162633239353834623464373563623832653234353362396139656362353333
36393034643938306535653636376465336133653335326363393637386633623466333862303765
63613531393839636661326562336266353966316561643830306435326565626164346532373135
35353561353563613166626362663535323932336262633737353363373734616464313137306537
34363634343564376636306138383365366636623135623930373063613236666539646337623737
306336363139613839663765623331666633

[osboxes@master ansible-playbooks]$ cat inventory.txt
linuxhost


[osboxes@master ansible-playbooks]$ ansible-playbook --vault-id @prompt linux-user.yml -i inventory.txt -K
BECOME password:
Vault password (default):

PLAY [Create a Linux User] **********************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************************
ok: [linuxhost]

TASK [User Account Creation] ********************************************************************************************************************************
changed: [linuxhost]

PLAY RECAP **************************************************************************************************************************************************
linuxhost                  : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0







No comments:

Post a Comment