How to use Ansible-vault to encrypt string

Hello all,

In the rise of Devops technologies, ansible is most favorable tool among us and ansible is used for manage the configuration of the server. ansible-vault is also a tool that is pre-installed package with ansible.

Most challenging part in the server management is to keep the server secret in encrypted form so ansible-vault comes into the picture. With the help of ansible-vault we can encrypt, decrypt, edit and create any encrypted file, you can also encrypt any string as well.

From the ansible-vault you can encrypt the string as well as the whole file depending upon your task, you can encrypt the whole inventory as well

Follow the steps to encrypt the string

You also need to create a vault password that is stored in the file.

echo "ansible-vault-password" > secret

suppose you want to encrypt the variable ansible_password: secret@!3

ansible-vault encrypt_string 'secret@!3' --name 'ansible_password' --vault-password-file secret

Here name is used for the variable name and vault-password-file is for ansible-vault password file

sample output —

copy all the content including indentation, you can use this variable in the yaml syntax only. If you have inventory that is written in ini format you will need to encrypt the whole inventory or create the inventory in the yaml syntax.

You can skip the name keyword like this —

ansible-vault encrypt_string 'secret@!3' --vault-password-file secret

Create the simple playbook and use the variable in the vars section—

vi sample-playbook.yml

You have to give the password file in the runtime of the playbook like this -

ansible-playbook sample-playbook.yml --vault-password-file secret

Runtime you can see your password in the debug message so is that the another way to pass the sensitive information in the ansible playbook.

Thank you for reading the article. If you have any queries mail me you can follow me on meduim Nitin Namdev also.