Introduction to Ansible Transcripts
Chapter: Data
Lecture: Encrypting Data
Login or
purchase this course
to watch this video and the rest of the course contents.
0:00
The files in your Ansible playbook should always be added to version control. Just like any code in your application but that also can present an issue
0:08
because you will typically have sensitive variables stored under your variables directory. In our first playbook, we had one file
0:15
that stored all of our variables, all but in more complicated projects you'll likely have many files that store variables
0:21
under numerous subdirectories of the group_vars directory. So, how do we handle adding variables to source control without exposing sensitive data
0:29
like passwords. That's where ansible-vault comes in. ansible-vault is a separate command just like the one we have for ansible-playbook.
0:36
ansible-vault allows us to encrypt and decrypt files and parts of files, so that we can add the sensitive data to version control without exposing it
0:46
to anyone who would have access to that version control intentionally or unintentionally. And by using the ansible-vault, encrypt, decrypt
0:53
edit, and several other commands we'll see we can then work with our encrypted files and when we're ready to use them in our Ansible playbook
0:59
we'll pass on the parameter ask vault password so the Ansible playbook command will decrypt the files temporarily while it's executing our playbook.
1:07
Let's take a look at the ansible-vault command.