O'Reilly logo

Ansible Configuration Management - Second Edition by Daniel Hall

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Storing secrets

Eventually, you will need to include sensitive data in your Ansible recipes. All the recipes that we have discussed so far have to be stored on the disk in plain text; if you are also storing it in source control, then third parties may even have access to this data. This is risky and may be in violation of your corporate policies.

This can be avoided using Ansible vaults. Vaults are files that are encrypted and can be decrypted by Ansible transparently. You can use them for includes, variable files, tasks lists in roles and any other YAML formatted file that Ansible uses. You can also use it with both JSON and YAML files included with the -e command-line argument to ansible-playbook. Vault files are managed with the ansible-vault ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required