Introduction to Ansible Transcripts
Chapter: Data
Lecture: Ansible Vault

0:00 In our current iteration of our first playbook
0:02 we have a single file that stores all our variables, all.
0:06 Now nothing in this file is particularly sensitive
0:08 but if we wanted to add a password for a deploy user
0:16 we'd want to make sure that this file is encrypted
0:19 and we can use ansible-vault to do that.
0:21 So go ahead and add deploy user password
0:23 into helloworld123.
0:26 Now with this file, if we take a look at the contents right now
0:29 we can see it's all in plain text.
0:30 But if we use ansible-vault encrypt
0:35 we can then give it a password.
0:39 If we try to take a look at the file now
0:41 it's completely encrypted
0:42 and safe to add to version control.
0:43 So that's the first command that you're going to want to use
0:45 ansible-vault encrypt.
0:46 You can also use ansible-vault create
0:49 if you're working on a new file
0:51 but I typically work with files in plain text
0:53 while I'm doing my development and then I encrypt them
0:55 when I'm getting ready to add everything
0:57 in my initial commit in version control.
1:01 So the file is now encrypted.
1:02 What do we do with this?
1:03 Let's say we want to make a change.
1:04 We want to change our password for that deploy user.
1:09 We again use ansible-vault and we use the edit command.
1:12 We'd give it the password
1:14 and now we can edit our file with our default editor.
1:16 Now for me, I use Vim, so that works for me
1:19 when I'm using the edit command.
1:20 If you want to use a different editor on your system
1:22 just specify editor equals, for example
1:24 the Nano Editor or Sublime
1:26 whatever your editor of choice is.
1:32 Then when you open up the file
1:34 it would use a different editor.
1:37 So now let's change our password helloworld1234
1:41 we'll write that file, and we'll exit this editor.
1:45 The file is encrypted as we would like.
1:50 But we can see when we reopen the file it's been saved
1:52 with that additional four that changes the password
1:56 for the deploy user.
1:57 So now that our data is safe, how do we use it?
1:59 There's a couple different ways.
2:00 The most common one is going to be
2:02 when you're running your Ansible playbook command
2:06 and we're going to pass in argument ask vault pass.
2:18 It'll ask us for a vault password
2:20 decrypts our variables, and uses them in the playbook.
2:23 So now just as we had before
2:25 when we were running our playbook
2:26 we can use that encrypted data as if it was plain text.
2:29 The one other way that we can use our data
2:32 we can just go ahead and decrypt it.
2:37 It'll ask us for our password
2:39 and now if we take a look at the file
2:41 it's back to plain text so it is reversible.
2:43 If you want to play around with ansible-vault
2:45 encrypting your files and then you find out later
2:47 oh, I actually do want this to be in plain text
2:49 or you split out the sensitive ones
2:51 from the plain text ones
2:52 you can just use ansible-vault decrypt
2:54 in order to handle that.
2:55 So that's how you can keep your data safe
2:56 and add it to source control
2:58 and make sure that it's not compromised
2:59 using the ansible-vault command.