--- mypassword: "$6$MShlKf---TGBeyVcMg.jEw4w7/" |
--- - name: Add vault-group group group: name: vault-group state: present gid: 60000 - name: Add user vault-user user: name: vault-user uid: 600000 group: vault-group comment: User to test ansible-vault shell: /bin/bash home: /tmp/vault-user password: "{{ mypassword }}" |
$ ansible all -i localhost, -m debug -a "msg={{ 'my-passwd' | password_hash('sha512') }}" localhost | SUCCESS => { "msg": "$6$F/h8ASFD5........oAGhASt/" } |
$ ansible-vault encrypt user/vars/main.yml New Vault password: < my-vault-passwd > Confirm New Vault password: < my-vault-passwd > Encryption successful |
$ ansible-vault decrypt user/vars/main.yml Vault password: < my-vault-passwd > Decryption successful |
$ ansible-vault view user/vars/main.yml Vault password: |
$ ansible-vault rekey user/vars/main.yml Vault password: New Vault password: Confirm New Vault password: Rekey successful |
$ ansible-vault edit user/vars/main.yml Vault password: |
$ ansible-playbook -i inventory user.yml --ask-vault-pass Vault password: |
$ ansible-playbook -i inventory user.yml --vault-password-file=.vault-secret |