--- mypassword: "$6$MShlKf---TGBeyVcMg.jEw4w7/" |
---
- name: Add vault-group group
group:
name: vault-group
state: present
gid: 60000
- name: Add user vault-user
user:
name: vault-user
uid: 600000
group: vault-group
comment: User to test ansible-vault
shell: /bin/bash
home: /tmp/vault-user
password: "{{ mypassword }}"
|
$ ansible all -i localhost, -m debug -a "msg={{ 'my-passwd' | password_hash('sha512') }}"
localhost | SUCCESS => {
"msg": "$6$F/h8ASFD5........oAGhASt/"
}
|
$ ansible-vault encrypt user/vars/main.yml New Vault password: < my-vault-passwd > Confirm New Vault password: < my-vault-passwd > Encryption successful |
$ ansible-vault decrypt user/vars/main.yml Vault password: < my-vault-passwd > Decryption successful |
$ ansible-vault view user/vars/main.yml Vault password: |
$ ansible-vault rekey user/vars/main.yml Vault password: New Vault password: Confirm New Vault password: Rekey successful |
$ ansible-vault edit user/vars/main.yml Vault password: |
$ ansible-playbook -i inventory user.yml --ask-vault-pass Vault password: |
$ ansible-playbook -i inventory user.yml --vault-password-file=.vault-secret |