When we use ansible, we would like to encrypt secret information like password.
Ansbile have ansible-vault
command to encrypt.
I try ansible-vault
command.
I create inventory file.
[root@cent7devops ansible-test]# cat hosts [test] node01 ansible_host=172.16.10.101 ansible_user=root [root@cent7devops ansible-test]#
I create host variables file.
[root@cent7devops ansible-test]# cat host_vars/node01.yml --- ansible_ssh_pass: passwordstring [root@cent7devops ansible-test]#
I encrypt host variables file.
"vault.txt" is a file to provide a vault password.
[root@cent7devops ansible-test]# ansible-vault encrypt host_vars/node01.yml --vault-id ./vault.txt Encryption successful [root@cent7devops ansible-test]#
I view the contents of an encrypted file.
[root@cent7devops ansible-test]# ansible-vault view host_vars/node01.yml --vault-id ./vault.txt --- ansible_ssh_pass: passwordstring [root@cent7devops ansible-test]#
I confirm variables of "node01" by ansible-inventory
command
[root@cent7devops ansible-test]# ansible-inventory -i hosts --host node01 --vault-id ./vault.txt { "ansible_host": "172.16.10.101", "ansible_ssh_pass": "passwordstring", "ansible_user": "root" } [root@cent7devops ansible-test]#