Revisions
tristanfisher revised this gist
May 14, 2018 . 1 changed file with 1 addition and 1 deletion.
@@ -1,4 +1,4 @@ ## Working with ansible-vault ---------------------------- -
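Review bot: The `----------------------------` underline is still present under the title, and with the space added `## Working with ansible-vault` is already a heading on its own, so the dashes now render as a separate horizontal rule below it. Drop the underline, or drop the `##` and keep the underline, so the title uses a single heading style.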
tristanfisher revised this gist
Apr 27, 2016 . 1 changed file with 4 additions and 0 deletions.
@@ -72,3 +72,7 @@ That's it! Hop on the server and you can see that the decrypted content is ther This is useful for more than just movie spoilers -- I use this approach to copy over my [deploy-keys](https://help.github.com/articles/managing-deploy-keys) to make continuous integration and simple deployments a reality. 26-April-2016 edit: There's now a "best practice" document that may be interesting to you if you're reading this tutorial: http://docs.ansible.com/ansible/playbooks_best_practices.html#best-practices-for-variables-and-vaults -
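Review bot: The added 26-April-2016 note links the best-practices page as a bare `http://` URL, while the deploy-keys reference in the paragraph just above it is a named Markdown link over `https://`. Use an `https://` link with link text so the two references match, and consider adding a clause on how that document relates to the vars-file approach shown here, so the pointer stays useful if the anchor changes.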
tristanfisher revised this gist
Jun 13, 2014 . 1 changed file with 4 additions and 4 deletions.
@@ -11,10 +11,10 @@ Let's use an example: You're writing an Ansible role and want to encrypt the spo Your Ansible role should have the following structure similar to the following: roles/aliens ├── tasks │ └── main.yml └── vars └── spoilers.yml First, put your spoiler text in a roles/aliens/vars/spoilers.yml: -
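Review bot: The sentence introducing the tree reads "should have the following structure similar to the following", and the line after the tree says "in a roles/aliens/vars/spoilers.yml" with a stray article. Since this revision already touches the tree, tighten both, for example "should have a structure similar to the following" and "in roles/aliens/vars/spoilers.yml".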
tristanfisher created this gist
Jun 13, 2014
@@ -0,0 +1,74 @@ ##Working with ansible-vault ---------------------------- I've been using a lot of Ansible lately and while almost everything has been great, finding a clean way to implement ansible-vault wasn't immediately apparent. What I decided on was the following: put your secret information into a `vars` file, reference that `vars` file from your `task`, and encrypt the whole `vars` file using `ansible-vault encrypt`. Let's use an example: You're writing an Ansible role and want to encrypt the spoiler for the movie [Aliens](http://www.imdb.com/title/tt0090605/). Your Ansible role should have the following structure similar to the following: roles/aliens ├── tasks │ └── main.yml └── vars └── spoilers.yml First, put your spoiler text in a roles/aliens/vars/spoilers.yml: --- spoiler_text: | people run into some space aliens and they end up fighting them (Note the pipe, followed by the new line with text indented by two spaces. This allows you to easily put multi-line text into a variable.) Then, reference your `spoiler_text` variable in your task: --- - include_vars: spoilers.yml - name: Put the spoiler text in the tmp directory on the remote server. copy: content="{{spoiler_text}}" dest=/tmp/spoiler_text.txt Encrypt your spoilers file using your vault password file on the command line: $ ansible-vault encrypt roles/aliens/vars/spoilers.yml --vault-password-file ~/.vault_pass.txt Encryption successful You can now safely put this file in your source control without spoiling the movie for everyone. $ head -n3 aliens/vars/spoilers.yml $ANSIBLE_VAULT;1.1;AES256 61616366326131636131323230613333356361333737356566646133343062623061313931666462 3933316533346664393430643963646533663737343434320a613862353665663862393939383336 ... 
Then, given a playbook that looks like: --- # file: movies.yml - hosts: all roles: - { role: aliens } You can now run this against your server: $ ansible-playbook -i inventory/development.hosts playbooks/movies.yml --vault-password-file ~/.vault_pass.txt That's it! Hop on the server and you can see that the decrypted content is there on disk: remote_server$ cat /tmp/spoiler_text.txt people run into some space aliens and they end up fighting them This is useful for more than just movie spoilers -- I use this approach to copy over my [deploy-keys](https://help.github.com/articles/managing-deploy-keys) to make continuous integration and simple deployments a reality.
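Review bot: The `copy` task in tasks/main.yml writes the decrypted value to `/tmp/spoiler_text.txt` with no `mode` or `owner` and without `no_log: true`, so when the same pattern is used for deploy keys (as the closing paragraph describes) the secret lands in a shared directory with default permissions and can show up in verbose or diff output. Set an explicit restrictive mode and owner on the destination, use a path outside `/tmp`, and add `no_log: true` to the task. Separately, the `head -n3 aliens/vars/spoilers.yml` command omits the `roles/` prefix used in the `ansible-vault encrypt` line just before it; make the two paths agree.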