Encrypting Ansible Playbook .pem private key with ansible-vault

Is there any way to encrypt --private-key with ansible-vault and use it encrypted with the Ansible Playbook ansible-playbook command (or inside a Playbook)?

I tried this but it didn't work:

$ ansible-vault create encrypted_ssh_key.pem --vault-password-file vault_password_file

(pasted my SSH private key into it)

$ ansible-playbook ansible_playbook -i inventory/ec2.py \
    -e ansible_ssh_user=ubuntu \
    -e ansible_user=ubuntu \
    --private-key=encrypted_ssh_key.pem \
    --vault-password-file vault_password_file

It's always asking me for a passphrase and even after I enter it (the one from vault_password_file) it doesn't accept it. I can log in to the EC2 instance without any problems by using that private key.

Sorry, but you are taking a wrong approach.

What you need is to create a passphrase for the key, not encrypt the key with Ansible Vault.

# -aes256 selects the cipher; without a cipher option openssl rsa writes the key unencrypted
openssl rsa -aes256 -in ssh_key.pem -out encrypted_ssh_key.pem

Give it a passphrase and provide that passphrase every time you run it (or use some agent which would cache the password for you):

ansible-playbook ansible_playbook -i inventory/ec2.py \
    -e ansible_ssh_user=ubuntu \
    -e ansible_user=ubuntu \
    --private-key=encrypted_ssh_key.pem
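
Added example, not part of the original question or answer: a shell check that tells apart the key-file states discussed in this thread. It shows that a file produced by ansible-vault is a `$ANSIBLE_VAULT` envelope that ssh cannot parse as a key, and it confirms whether a key file really is passphrase-protected. The function name `key_file_state` and the sample files are constructed for illustration.

```shell
# key_file_state FILE prints: ansible-vault | passphrase-protected | plaintext | unknown
key_file_state() {
    kf=$1
    [ -r "$kf" ] || { echo unknown; return 1; }
    first=$(head -n 1 "$kf")
    second=$(sed -n 2p "$kf")
    case $first in
        '$ANSIBLE_VAULT;'*)
            # Vault envelope: ssh gets no parsable key from this file
            echo ansible-vault ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----')
            # PKCS#8 encrypted key
            echo passphrase-protected ;;
        '-----BEGIN OPENSSH PRIVATE KEY-----')
            # Cipher name sits inside the base64 body; cipher "none" always
            # encodes to the first prefix below
            case $second in
                b3BlbnNzaC1rZXktdjEAAAAABG5vbmU*) echo plaintext ;;
                b3BlbnNzaC1rZXktdjEA*) echo passphrase-protected ;;
                *) echo unknown ;;
            esac ;;
        '-----BEGIN '*'PRIVATE KEY-----')
            # Traditional PEM marks encryption in a Proc-Type header line
            case $second in
                'Proc-Type: 4,ENCRYPTED'*) echo passphrase-protected ;;
                *) echo plaintext ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# Constructed samples: header lines only, no real key material
demo=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '62313365' > "$demo/vaulted.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$demo/protected.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'MIIEow' > "$demo/plain.pem"
for f in "$demo"/*.pem "$@"; do
    printf '%s: %s\n' "${f##*/}" "$(key_file_state "$f")"
done
rm -rf "$demo"
```

Pass real key paths as arguments to classify them alongside the samples; a result of `plaintext` after running the openssl step means no cipher was applied.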
