Introduction to Ansible Transcripts
Lecture: Encrypting Data
0:00 The files in your Ansible playbook should always be added to version control. Just like any code in your application but that also can present an issue
0:08 because you will typically have sensitive variables stored under your variables directory. In our first playbook, we had one file
0:15 that stored all of our variables, all but in more complicated projects you'll likely have many files that store variables
0:21 under numerous subdirectories of the group_vars directory. So, how do we handle adding variables to source control without exposing sensitive data
0:29 like passwords. That's where ansible-vault comes in. ansible-vault is a separate command just like the one we have for ansible-playbook.
0:36 ansible-vault allows us to encrypt and decrypt files and parts of files, so that we can add the sensitive data to version control without exposing it
0:46 to anyone who would have access to that version control intentionally or unintentionally. And by using the ansible-vault, encrypt, decrypt
0:53 edit, and several other commands we'll see we can then work with our encrypted files and when we're ready to use them in our Ansible playbook
0:59 we'll pass on the parameter ask vault password so the Ansible playbook command will decrypt the files temporarily while it's executing our playbook.
1:07 Let's take a look at the ansible-vault command.