ansible-vault encrypt credentials

ansible

Solution 1:

I don't think you can encrypt the hosts file. A much better approach would be to have any sensitive information like credentials stored in a secondary vars file that's encrypted with ansible-vault and then just include that file in your playbook:

- hosts: all
  sudo: yes
  gather_facts: yes
  vars_files:
    - /path/to/encrypted/vars.yml

Your inventory file contains a host:

10.1.1.2

Your vars/vars.yml will store your credentials:

ansible_ssh_user: vagrant
ansible_ssh_password: vagrant

To use more than one host you can add groups in the inventory file. The hosts that are in the specific group are sharing the same credentials:

[group1]
10.1.1.2
10.1.1.3

[group2]
10.1.1.4
10.1.1.5

Your playbook will now have two hosts sections:

- hosts: group1
  vars_files:
    - vars/group1.yml

- hosts: group2
  vars_files:
    - vars/group2.yml

The group1.yml and group2.yml files must share the same password.

Related

SCCM: Zoinks... Mystery Maintenance Windows
Any danger in copying latest ADMX (& lang files) into AD Central Store?
High CPU usage of IIS process (w3wp.exe) because of many slow clr.dll!CopyPDBs
VMware CPU Hyper Threading Scheduling Affinity
AD Site link configuration
logstash alert after 1000 occurences
Add a custom header to Postfix with the relayed domain
DNS Always Getting Non-Authoritative Answer
how can I use openssl to download my ldap cert over port 389 instead of 636 (TLS)?
Unstable 10Gb copper links, Broadcom and Intel cards to Cisco 4900M switches
Should i disable DNS recursion?
On FreeNas what is the difference between the "Permission Type" and the "Share Type" setting?