Introduction to Ansible Transcripts
Lecture: Encrypting Data
0:00 The files in your Ansible playbook should always be added
0:02 to version control.
0:03 Just like any code in your application
0:05 but that also can present an issue
0:07 because you will typically have sensitive variables stored
0:10 under your variables directory.
0:12 In our first playbook, we had one file
0:14 that stored all of our variables, all
0:16 but in more complicated projects
0:17 you'll likely have many files that store variables
0:20 under numerous subdirectories of the group_vars directory.
0:24 So, how do we handle adding variables
0:25 to source control without exposing sensitive data
0:28 like passwords.
0:29 That's where ansible-vault comes in.
0:31 ansible-vault is a separate command just
0:34 like the one we have for ansible-playbook.
0:35 ansible-vault allows us to encrypt and decrypt files
0:40 and parts of files, so that we can add the sensitive data
0:43 to version control without exposing it
0:45 to anyone who would have access
0:47 to that version control intentionally or unintentionally.
0:49 And by using the ansible-vault, encrypt, decrypt
0:52 edit, and several other commands we'll see
0:54 we can then work with our encrypted files
0:56 and when we're ready to use them in our Ansible playbook
0:58 we'll pass on the parameter ask vault password
1:00 so the Ansible playbook command will decrypt the files
1:03 temporarily while it's executing our playbook.
1:06 Let's take a look at the ansible-vault command.