Docker and Ansible Vault: An insecure match?

Mahmoud_Saada · July 14, 2015, 1:06am

Ansible Vault requires to prompt the user for a password or a file containing the password. But if I’m running Ansible inside of a container, I cannot prompt the user for a password.

How can I run a playbook using vars encrypted by Vault during a Docker build?
How can I do it without exposing a password file?
Is there a best practice?

Paul_Totterman · July 15, 2015, 7:55am

How can I run a playbook using vars encrypted by Vault during a Docker build?

Don’t

How can I do it without exposing a password file?
Is there a best practice?

Give sensitive information to the docker container as environment values. See e.g. https://registry.hub.docker.com/_/postgres/ and POSTGRES_PASSWORD

Cheers,
Paul

Topic		Replies	Views
Obfuscate password in the Ansible Vault Ansible Project	1	0	February 19, 2020
skipping vault? Ansible Project	0	0	October 9, 2014
can we encrypt a string (password) using ansible vault. Ansible Project	2	0	August 6, 2018
Keyword in playbook to include vault Ansible Project	1	1	December 24, 2014
Encrypted Password in Playbook Ansible Project	8	2	January 24, 2020

Docker and Ansible Vault: An insecure match?

Related topics