How to encrypt ansible vault password

Anjali_Adhikari · September 24, 2021, 7:30am

Hi All,

I am facing a challenge in getting CISO approval for my ansible project.
Issue: We are using Ansible vault for keeping vars secret. However, that vault password we are keeping it in ./ path in clear text.Can we encrypt the vault password itself.

Please assist me on this ,

Thanks in advance.

steve_missoh · September 24, 2021, 8:23am

Hi, interesting question.
I suggest you two approaches:
1)

Apply strict ACL on the vault password file (like 0400 for e.g.)
Do not version the file
rekey it frequently

Make use of an external or third party secret manager tool to store the vault password and get access to it through a script.

Regards.

Anjali_Adhikari · September 24, 2021, 9:59am

Hi Stefim,

Thanks for your reponse.Much appritaite !

regarding the third party, we tried that. We used one password to store it, but while ansible taking that password from 1password, it’s fetching in cleartext.

Dick_Visser · September 24, 2021, 11:48am

Eventually ansible needs the plain text

Topic		Replies	Views
Vault encrypting password over the network or just locally Ansible Project	3	0	February 28, 2019
the password to my vault Ansible Project	1	0	June 12, 2023
Ansible Password Encryption Ansible Project	1	0	December 25, 2019
can we encrypt a string (password) using ansible vault. Ansible Project	2	0	August 6, 2018
Encrypted Password in Playbook Ansible Project	8	2	January 24, 2020

How to encrypt ansible vault password

Related topics