In our previous article we discussed the procedure/steps to manage secrets(passwords/keys/certs files) by using ansible vault. In this article, we will discuss the next step i.e. to create encrypted variables/strings to embed in yaml by using ansible-vault encrypt_string
command.
The ansible-vault encrypt_string command will encrypt and format a provided string into a format that can be included in ansible-playbook YAML files.
Examples & Usage
1. To encrypt a string provided as a cli (command line) argument: Create password file (e.g. password_file) and used it as a vault id like as below
[ansible@localhost ~]$ ansible-vault encrypt_string --vault-id password_file 'string_vaule' --name 'string_name' Result: string_name: !vault | $ANSIBLE_VAULT;1.1;AES256 33303536636266336335636139343634396237383437316537663936366338626534303439656538 3831356662313738373336396431303030636432636436610a633230613436366530353564653161 62356538323830656233666431343238333361363335343630343964343739666332313036366436 6231323765663637620a643430353833393064353366363036613536666366333532373932366264 6432 Use above string variable and value into your playbooks
2. To encrypt a string by using vault-id label:
[ansible@localhost ~]$ ansible-vault encrypt_string --vault-id user@password_file 'string_value' --name 'string_name' string_name: !vault | $ANSIBLE_VAULT;1.2;AES256;user 62616634356335366433326435643865636238656530666334343962643934333637656231346165 6439333438623465653937653963353165333365663731640a313166383731613938323338643165 33306238623832333636373961666533323562313033633364633334353730376461653832333836 6238393733393630610a313637653765343762313338616630323563636438363832666462643539 3634
3. To encrypt a string read from stdin and name it ‘string_name’:
[ansible@localhost ~]$ ansible-vault encrypt_string --vault-id user@password_file --stdin-name 'string_name' Reading plaintext input from stdin. (ctrl-d to end input) string_value string_name: !vault | $ANSIBLE_VAULT;1.2;AES256;user 64386436626265626162323238333132323838616366393032616334623361316633393037303663 3837343539366563346638366539333163393063303832660a633563333337666165396633623366 37343038623266393638313331343530383630666632666262663930313635343863346336363630 3064623239616335320a396565633663306565616562396133336164386133623834633430333236 3962
That’s it. This is how you can encrypt strings with ansible-vault. If you have any query related to ansible-vault, feel free to ask in comments section.
Also for more information please visit Ansible official documents, click here…
The post Manage secrets/passwords with Ansible Vault (ansible-vault encrypt_string) – Part 2 appeared first on DevOps Techie.
This post first appeared on Devops Techie - Solutios For Devops Tools And Practices, please read the originial post: here