Good morning,
As a long time Ansible user (I believe I started using it in 2014 or so), I tend to solve most automation and administrative challenges with it where appropriate, so allow me to say that you for such an excellent piece of software, that makes DevOps and DevSecOps so much easier. I use it for Linux, Windows, Network Devices, and just about anything I can. (Oh do I remember the days of using Capistrano for automation before tools like this existed).
Recently, I’ve been attempting to solve some problems on some Windows systems, and I’ve gotten almost all of it working exactly as we want, for everything from systems provisioning, system state, and code deployment as part of a CI/CD pipeline.
Part of our security requirements are to enable encryption at rest. On Windows, we would ideally like to do this via either BitLocker or EFS (preferably EFS for the moment), and I was wondering if there is any support in Ansible for either of these encryption solutions? EFS seems like it would be the most straightforward, as it is essentially an attribute, in much the same way as compression. I know that this can be accomplished via Powershell, in this way:
(Get-Item –Path C:\FolderPath).Encrypt()
(Get-Item –Path C:\FolderPath).Decrypt)
It would be fantastic if this was part of one of the existing Windows modules and I simply missed it (such as win_file, or another).
I know it would be possible to run it via the Powershell module, but I thought I would ask. Similarly, I thought I would ask if there’s any way to manage BitLocker via Ansible (as it stands today)?
How about SQL Server 2019 and TDE support in the MSSQL module?
Thanks again for such a wonderful piece of software, that has helped me save hundreds, if not thousands of hours over the last several years.
Michael S. Moody