In our previous article we discussed the procedure/steps to manage secrets(passwords/keys/certs files) by using ansible vault. In this article, we will discuss the next step i.e. to create encrypted variables/strings to embed in yaml by using ansible-vault encrypt_string command.
The ansible-vault encrypt_string command will encrypt and format a provided string into a format that can be included in ansible-playbook YAML files.
Examples & Usage
1. To encrypt a string provided as a cli (command line) argument: Create password file (e.g. password_file) and used it as a vault id like as below
[ansible@localhost ~]$ ansible-vault encrypt_string --vault-id password_file 'string_vaule' --name 'string_name'
Result:
string_name: !vault |
$ANSIBLE_VAULT;1.1;AES256
33303536636266336335636139343634396237383437316537663936366338626534303439656538
3831356662313738373336396431303030636432636436610a633230613436366530353564653161
62356538323830656233666431343238333361363335343630343964343739666332313036366436
6231323765663637620a643430353833393064353366363036613536666366333532373932366264
6432
Use above string variable and value into your playbooks
2. To encrypt a string by using vault-id label:
[ansible@localhost ~]$ ansible-vault encrypt_string --vault-id user@password_file 'string_value' --name 'string_name'
string_name: !vault |
$ANSIBLE_VAULT;1.2;AES256;user
62616634356335366433326435643865636238656530666334343962643934333637656231346165
6439333438623465653937653963353165333365663731640a313166383731613938323338643165
33306238623832333636373961666533323562313033633364633334353730376461653832333836
6238393733393630610a313637653765343762313338616630323563636438363832666462643539
3634
3. To encrypt a string read from stdin and name it ‘string_name’:
[ansible@localhost ~]$ ansible-vault encrypt_string --vault-id user@password_file --stdin-name 'string_name'
Reading plaintext input from stdin. (ctrl-d to end input)
string_value
string_name: !vault |
$ANSIBLE_VAULT;1.2;AES256;user
64386436626265626162323238333132323838616366393032616334623361316633393037303663
3837343539366563346638366539333163393063303832660a633563333337666165396633623366
37343038623266393638313331343530383630666632666262663930313635343863346336363630
3064623239616335320a396565633663306565616562396133336164386133623834633430333236
3962
That’s it. This is how you can encrypt strings with ansible-vault. If you have any query related to ansible-vault, feel free to ask in comments section.
Also for more information please visit Ansible official documents, click here…
The post Manage secrets/passwords with Ansible Vault (ansible-vault encrypt_string) – Part 2 appeared first on DevOps Techie.
This post first appeared on Devops Techie - Solutios For Devops Tools And Practices, please read the originial post: here
