Friday, 13 July 2018

How to encrypt string using ansible vault with example

In this article we will see how to encrypt string in Ansible using vault.

Introduction

Encrypting password, keys and variable is required to make system roboust. Using Ansible vault we can store the sensitive data and use the vault when running playbooks on remote machines. Using vault, the sensitive data remains safe.

How to encrypt string using vault

It is required to pass sensitive information if we are using Ansible as a configuration management system or a orchestration engine. For eg. we might need to pass password or ssh key while running playbook. By using vault, we can write sensitive data to a file which Ansible can read and utilize the data from within.

For these ansible provides a way to protect your data at rest. This feature is called vault, which allows user to encrypt text files, strings etc so that they are stored "at rest" in encrypted format. Without the key or a significant amount of computing power, the data is indecipherable.ansible-vault command is provided by Ansible in securing stuff.

Code Example


[root@server1 vault]# ansible-vault encrypt_string --vault-id a_password_file 'pass123' --name 'user1'


Result:

user1: !vault |

      $ANSIBLE_VAULT;1.1;AES256

      64576845869345693586856858858685086748057683457845788957865897856045876085707851

      20364856840580208230475024378508247502483650489658498568436856486584685684658445

      34085620345824852034850824598622865984065893460598263846598406895248658094856249

      23452345
 

If you want to use vault-id label then:

[root@server1 vault]# ansible-vault encrypt_string --vault-id myuser@password 'pass123' --name 'user1'
  

Result:

user1: !vault |

      $ANSIBLE_VAULT;1.1;AES256;myuser

      64576845869345693586856858858685086748057683457845788957865897856045876085707851

      20364856840580208230475024378508247502483650489658498568436856486584685684658445

      34085620345824852034850824598622865984065893460598263846598406895248658094856249

      23452345
 

This is how we can encrypt string in Ansible using vault. If you have any query related to Ansible vault, feel free to ask in comment section. Thanks.

No comments:

Post a comment