[英]How to encrypt variables using Ansible Vault?
I'm trying to use encryption for my sensitive information like eg passwords etc. 我正在尝试对我的敏感信息(例如密码等)使用加密。
The question is: How to use ansible-vault
to encrypt variables and use them in playbooks? 问题是:如何使用
ansible-vault
加密变量并将其用于剧本中?
I know how to encrypt a string (shown below), but I don't know how I can successfully use it in a playbook. 我知道如何加密字符串(如下所示),但是我不知道如何在剧本中成功使用它。
The reason is: I need something to "decrypt" the variable so ansible can understand. 原因是:我需要一些东西来“解密”变量,以便ansible可以理解。 Where are these defined?
这些在哪里定义?
I have tried: 我努力了:
ansible-vault encrypt_string -- 'db_password'
Where I'm prompted with: 提示我的地方:
New Vault password:
Confirm New Vault password:
Result: 结果:
!vault |
$ANSIBLE_VAULT;1.1;AES256
63653238643164303561353238643934343861356332323038386236633963326232393830363961
6366336230666134383864306136623030643339353166620a633030646334393563633662653736
35646530383762363262333038376339396432373030363536373232393032316364636565663833
6430316563653265660a366537373637346338383165653531646462313762663035343734316134
3736
Encryption successful
Defining vault variable vault_db_password
定义保管库变量
vault_db_password
vault_db_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
34353733663863636564363261373962616630333032326363633661326363643533326239363165
3531393735333535383063373661336333356164653863630a356139333131323935306265623735
35633665633739656337336562306638646339656235313063643363636433653765633830663330
6136653534383461370a363839313065343731613035383731363337373866613534326261333531
3362
Vault variable being used: 使用的保管库变量:
MYSQL_ROOT_PASSWORD: "{{ vault_db_password }}"
Result: 结果:
FAILED! => {"msg": "Attempting to decrypt but no vault secrets found"}
you need to create a --vault-password-file
file first, then use that to the ansible-vault
command and finally include it in the ansible-playbook
command. 您需要首先创建
--vault-password-file
文件,然后将其用于ansible-vault
命令,最后将其包含在ansible-playbook
命令中。
to create the password file and then a ansible vault, check here: 要创建密码文件,然后再创建一个可用的文件库,请在此处检查:
https://stackoverflow.com/a/49744154/5736671 https://stackoverflow.com/a/49744154/5736671
to run the playbook with the password key file, you can run: 要使用密码密钥文件运行剧本,可以运行:
ansible-playbook -i hosts <hosts file> --vault-password-file=<vault password file>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.