
Vault

1. Overview

Ansible Vault is a tool for encrypting sensitive data such as passwords, certificates and SSH keys.

2. Example of Certificate Encryption

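encrypt_string encrypts the strings it is given, so the content of the certificate file is passed on standard input:

ansible-vault encrypt_string --stdin-name certificat_tls < vault.crt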

The result is displayed in the terminal:

certificat_tls: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  3566633735313839...
  3936653937313463...

To encrypt variables in a file, you must first create the file:

# group_vars/all.yml
certificat_tls: |
  -----BEGIN CERTIFICATE-----
  MIIC6TCCAdGgAwIBAgI...
  -----END CERTIFICATE-----

Then encrypt the entire file:

ansible-vault encrypt group_vars/all.yml

And to edit it later:

ansible-vault edit group_vars/all.yml
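
A check that a vars file really went through one of the two encryption paths above before it is committed. This is an added example, not part of the original page or of Ansible itself; the function names vault_status and check_vars_files are hypothetical, and the sample file is constructed from the page's own snippet.

```shell
#!/bin/sh
# Classify a vars file by how (or whether) Vault protects it.
# Prints one of: encrypted-file, inline-vault, plaintext-secret, clear
vault_status() {
    file=$1
    first=$(head -n 1 "$file")
    case $first in
        '$ANSIBLE_VAULT;'*)
            # Whole file encrypted. Header layout:
            # $ANSIBLE_VAULT;<format version>;<cipher>[;<vault id>]
            echo encrypted-file
            return 0 ;;
    esac
    # Plaintext PEM material takes priority: one unencrypted block in a
    # file that also holds !vault values still exposes that secret.
    if grep -q -e '-----BEGIN [A-Z ]*-----' "$file"; then
        echo plaintext-secret
        return 0
    fi
    # Values produced by encrypt_string carry the !vault tag.
    if grep -q '!vault |' "$file"; then
        echo inline-vault
        return 0
    fi
    echo clear
}

# Report every file and return non-zero if any holds plaintext PEM data,
# so the function can gate a commit or a CI job.
check_vars_files() {
    rc=0
    for f in "$@"; do
        st=$(vault_status "$f")
        printf '%s: %s\n' "$f" "$st"
        if [ "$st" = plaintext-secret ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample: group_vars/all.yml as it looks before encryption.
demo=$(mktemp -d)
printf '%s\n' 'certificat_tls: |' '  -----BEGIN CERTIFICATE-----' \
    '  MIIC6TCCAdGgAwIBAgI...' '  -----END CERTIFICATE-----' > "$demo/all.yml"
check_vars_files "$demo/all.yml" || echo "plaintext found: encrypt the file first"
rm -rf "$demo"
```

The check only recognises PEM markers as plaintext secrets; passwords and other values without a fixed shape need their own patterns.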