
How to encrypt variables using Ansible Vault?

I'm trying to use encryption for my sensitive information, e.g. passwords etc.

The question is: How to use ansible-vault to encrypt variables and use them in playbooks?

I know how to encrypt a string (shown below), but I don't know how I can successfully use it in a playbook.
The reason is: I need something to "decrypt" the variable so Ansible can understand. Where are these defined?

I have tried:

ansible-vault encrypt_string -- 'db_password'

Where I'm prompted with:

New Vault password: 
Confirm New Vault password: 

Result:

!vault |
          $ANSIBLE_VAULT;1.1;AES256
          63653238643164303561353238643934343861356332323038386236633963326232393830363961
          6366336230666134383864306136623030643339353166620a633030646334393563633662653736
          35646530383762363262333038376339396432373030363536373232393032316364636565663833
          6430316563653265660a366537373637346338383165653531646462313762663035343734316134
          3736
Encryption successful

Defining vault variable vault_db_password:

vault_db_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          34353733663863636564363261373962616630333032326363633661326363643533326239363165
          3531393735333535383063373661336333356164653863630a356139333131323935306265623735
          35633665633739656337336562306638646339656235313063643363636433653765633830663330
          6136653534383461370a363839313065343731613035383731363337373866613534326261333531
          3362

Vault variable being used:

MYSQL_ROOT_PASSWORD: "{{ vault_db_password }}"

Result:

 FAILED! => {"msg": "Attempting to decrypt but no vault secrets found"}

You need to create a --vault-password-file file first, then use that with the ansible-vault command, and finally include it in the ansible-playbook command.

To create the password file and then an Ansible vault, check here:

https://stackoverflow.com/a/49744154/5736671

To run the playbook with the password key file, you can run:

ansible-playbook -i <hosts file> <playbook file> --vault-password-file=<vault password file>
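
The error in the question follows from the vault format itself: an inline vault value holds only a salt, a MAC and ciphertext, so the vault password has to be supplied at run time. The sketch below is an added example, not part of the original question or answer; it parses the envelope shown in the question and checks a candidate vault password against the stored MAC with the Python standard library only. The key-derivation parameters are those of Ansible's AES256 vault format; `build_sample` and its password are constructed test fixtures.

```python
import binascii, hashlib, hmac

# Inline vault value copied from the question's encrypt_string output.
QUESTION_VAULT = """$ANSIBLE_VAULT;1.1;AES256
63653238643164303561353238643934343861356332323038386236633963326232393830363961
6366336230666134383864306136623030643339353166620a633030646334393563633662653736
35646530383762363262333038376339396432373030363536373232393032316364636565663833
6430316563653265660a366537373637346338383165653531646462313762663035343734316134
3736"""

def parse_vault(text):
    """Split a 1.1/1.2 AES256 vault envelope into (salt, mac, ciphertext)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    fields = lines[0].split(";")
    if len(fields) < 3 or fields[0] != "$ANSIBLE_VAULT" or fields[2] != "AES256":
        raise ValueError("not an AES256 vault envelope: %r" % lines[0])
    # The body is hex of "hex(salt)\nhex(mac)\nhex(ciphertext)".
    parts = binascii.unhexlify("".join(lines[1:])).split(b"\n")
    if len(parts) != 3:
        raise ValueError("expected salt, mac and ciphertext")
    return tuple(binascii.unhexlify(p) for p in parts)

def derive_keys(password, salt):
    """PBKDF2-HMAC-SHA256, 10000 rounds -> AES key, HMAC key, CTR IV."""
    km = hashlib.pbkdf2_hmac("sha256", password, salt, 10000, dklen=80)
    return km[:32], km[32:64], km[64:]

def password_matches(text, password):
    """True if this vault password reproduces the MAC stored in the envelope."""
    salt, mac, ciphertext = parse_vault(text)
    _, mac_key, _ = derive_keys(password, salt)
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return hmac.compare_digest(mac, expected)

def build_sample(password, salt, ciphertext):
    """Constructed envelope for testing: valid MAC, placeholder ciphertext."""
    _, mac_key, _ = derive_keys(password, salt)
    mac = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    body = b"\n".join(binascii.hexlify(p) for p in (salt, mac, ciphertext))
    hexed = binascii.hexlify(body).decode()
    rows = [hexed[i:i + 80] for i in range(0, len(hexed), 80)]
    return "\n".join(["$ANSIBLE_VAULT;1.1;AES256"] + rows)

if __name__ == "__main__":
    print([len(p) for p in parse_vault(QUESTION_VAULT)])  # salt, mac, ciphertext
    sample = build_sample(b"constructed-password", b"\x01" * 32, b"\x02" * 16)
    print(password_matches(sample, b"constructed-password"))
    print(password_matches(sample, b"wrong"))
```

Running `password_matches` on a vault value with the contents of the intended password file confirms the file matches before it is passed to `--vault-password-file`.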
