Encrypt files on remote host

Hi all,

I want to encrypt a file on a remote host. I was looking through the existing modules and couldn’t find any that is able to do that?

My use case is that I want to create a backup (tar file) on a remote host, encrypt the backup archive and upload it to some storage.

I’m aware of Ansible vault, but its intended purpose is for encrypting secrets etc. to use it in the playbook and not encrypting a remote file.
Maybe someone has a suggestion.
Thanks!
~ Roman

Hello Roman,

how would you do the encryption without Ansible?

Regards
          Racke

Hi Stefan,

probably with openssl or gpg.
See
https://gist.github.com/dreikanter/c7e85598664901afae03fedff308736b
https://www.gnupg.org/gph/en/manual/x110.html

I mean, I could do this with a basic shell module, but I’m wondering that there’s no module for such actions.

Thanks,
Roman

Hello Roman,

yeah, I guess you need to use the command module (not the shell module) or a dedicated backup software that does the encryption.

Regards
         Racke

Is it OK for an unencrypted copy of the backup to live on the remote storage, where it could be encrypted and uploaded? Ansible can have access to zip or GPG keys configured, especially publishing public GPG keys for use on the server that hosts the unencrypted file. The GPG public key need not be a secret: it could be published to the remote host to encrypt the file locally before upload.
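
The approach discussed in this thread (the command module plus a public GPG key published to the remote host), sketched as a playbook. This is an added example, not part of any poster's message. The host group, paths and key file name are assumptions, and it assumes a GnuPG 2.x on the remote host that supports `--recipient-file` and the `community.general` collection for the `archive` module.

```yaml
# Added example: host group, paths and key file name are assumptions.
- name: Create a backup on the remote host and encrypt it before upload
  hosts: backup_hosts                         # hypothetical inventory group
  become: true
  vars:
    backup_src: /var/lib/myapp                # hypothetical directory to back up
    backup_tar: /var/backups/myapp.tar.gz
    pubkey_src: files/backup-pub.asc          # public key only; the private key never leaves the restore host
    pubkey_dest: /etc/backup/backup-pub.asc
  tasks:
    - name: Ensure the key directory exists
      ansible.builtin.file:
        path: /etc/backup
        state: directory
        mode: "0755"

    - name: Publish the public key to the remote host
      ansible.builtin.copy:
        src: "{{ pubkey_src }}"
        dest: "{{ pubkey_dest }}"
        mode: "0644"

    - name: Create the archive, readable by root only while it is still plaintext
      community.general.archive:
        path: "{{ backup_src }}"
        dest: "{{ backup_tar }}"
        format: gz
        mode: "0600"

    # argv form: no shell is involved, so no quoting or injection issues with paths.
    - name: Encrypt the archive to the published public key
      ansible.builtin.command:
        argv:
          - gpg
          - --batch
          - --yes
          - --recipient-file
          - "{{ pubkey_dest }}"
          - --output
          - "{{ backup_tar }}.gpg"
          - --encrypt
          - "{{ backup_tar }}"

    - name: Remove the plaintext archive once the encrypted copy exists
      ansible.builtin.file:
        path: "{{ backup_tar }}"
        state: absent
    # The upload of {{ backup_tar }}.gpg to storage would follow here.
```

Because only the public key is on the remote host, a compromise of that host does not expose the means to decrypt earlier backups.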