In this blog post, I will show you how to encrypt Ansible files using Ansible vault.
Vault is a built-in feature in Ansible that is already available with any installation without needing to modify the configuration.
Using vault, we can encrypt any YAML or JSON file, or any variables, that Ansible uses at runtime or stores at rest.
By encrypting our files, we can protect valuable data that Ansible is using.
Let’s start and encrypt a playbook file (YAML) by using the following command.
ansible-vault create securefile.yaml
After running the command, you will be asked to set a password, which you will need whenever you want to edit the file.
After typing the password, the vi editor will open the file, and you can add content to it.
If I try to open the file, I will get the following output which means the file is encrypted.
Edit Encrypted File
To edit an encrypted file, we use the following command.
ansible-vault edit securefile.yaml
Run Encrypted Playbook
To run an encrypted playbook, we need to use the following command and switch.
ansible-playbook --ask-vault-pass secureplaybook.yaml
Encrypt an Existing Playbook
To encrypt an existing file, use the following command.
ansible-vault encrypt secureplaybook.yaml
Decrypt an Encrypted File
And finally, to undo the encryption, we need to run the following command.
ansible-vault decrypt secureplaybook.yaml
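After a decrypt and edit cycle it is easy to leave a file in plain text. As an added example (not part of the original post), this Python script checks whether a file is vault-encrypted by parsing the envelope header that ansible-vault writes on the first line, for instance before committing it. The function names and the sample file contents are constructed for illustration.

```python
import re
import string

# First line written by ansible-vault: $ANSIBLE_VAULT;<version>;<cipher>[;<vault-id>]
HEADER_RE = re.compile(r"^\$ANSIBLE_VAULT;(1\.[12]);([A-Z0-9]+)(?:;(\S+))?$")


def parse_vault_envelope(text):
    """Return the header fields if text looks like a vault file, else None."""
    lines = text.strip().splitlines()
    if not lines:
        return None
    m = HEADER_RE.match(lines[0].strip())
    if not m:
        return None
    version, cipher, vault_id = m.groups()
    # Format 1.1 carries no vault-id label; format 1.2 always carries one.
    if (version == "1.2") != (vault_id is not None):
        return None
    body = "".join(line.strip() for line in lines[1:])
    # The payload is hex text; anything else means a damaged or hand-edited file.
    if not body or len(body) % 2 or any(c not in string.hexdigits for c in body):
        return None
    return {"version": version, "cipher": cipher, "vault_id": vault_id,
            "payload_bytes": len(body) // 2}


def unencrypted(files):
    """Given a name -> content mapping, list the files that are NOT encrypted."""
    return [name for name, text in files.items()
            if parse_vault_envelope(text) is None]


# Constructed sample contents: the hex below is filler, not real ciphertext.
SAMPLE_FILES = {
    "securefile.yaml": "$ANSIBLE_VAULT;1.1;AES256\n" + "3631" * 20 + "\n"
                       + "6566" * 8 + "\n",
    # What a playbook looks like after `ansible-vault decrypt`.
    "secureplaybook.yaml": "- hosts: all\n  vars:\n    db_password: example\n",
}

if __name__ == "__main__":
    for name in unencrypted(SAMPLE_FILES):
        print(f"NOT ENCRYPTED: {name}")
```
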