Start using Ansible Vault is pretty easy.
As usual, there is no magic here, you keep the key in mind or a file somewhere.
If you keep it in mind doesn’t sound very practical because you are trying to automate tasks without human intervention and either way you don’t want to type that long key each time.
(You can use this method for any kind of file, Ansible or not, for a picture is you like.)
Now, if you DO want to introduce the pass-key each time, then skip this section.
Create the file with the key
Just create a file with the pass inside with
echo, like this
echo "my_password" >> .vault_pass
Even the name of the file can be whatever you want like “cakes”, “.boring”, etc.
Keep the file hidden in the hard disk using the normal file privileges from Linux. Sounds pretty traditional right. I think is good enough, a weird file somewhere in the disk that only you and root know about.
Next, use it as an environment variable in your user_id profile $HOME/.profile or system-wide /etc/profile, and add it with:
In this way, Ansible will automatically use it to encrypt and decrypt.
Create, encrypt, view, and edit files
The next steps are very easy:
1.- create an encrypted file
ansible-vault create your_file
2.- encrypt an existing file
ansible-vault encrypt your_file
3.- view an encrypted file
ansible-vault view your_file
4.- edit an encrypted file
ansible-vault edit your_file
Refer to Ansible Documentation at https://docs.ansible.com/ansible/latest/user_guide/vault.html