Hi All,
In my environment I am automatically triggering ansible-playbook within a bash script like below (it is not possible to give the password at an interactive prompt). I am storing the vault password in a plain text file in the file system and deleting it after deployment. But I don't want to store the plain password in the file system.
# ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt
What is the best way to secure the vault password and pass it automatically without any manual intervention?
Any help will be really appreciated.
Thanks
Mohan L
Well…
You can set a location for your vault password file in your ansible.cfg
vault_password_file = /path/to/vault_password_file
You can also use a Python script that generates and returns the password to STDOUT instead of just having the password in a plain text file.
http://docs.ansible.com/ansible/playbooks_vault.html#running-a-playbook-with-vault
Hope this helps,
Jon
You can use gnupg to encrypt the passphrase to vault to yourself and whoever else needs it without sharing or knowing their passphrases. http://benincosa.com/?p=3235
When trying it, I found this useful too: http://sudoers.org/2013/11/05/gpg-agent.html
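Added example (not part of any post in this thread, and not Ansible's own code): a vault password client that combines the two suggestions above, a script that prints the password to STDOUT and a GPG-encrypted passphrase. The path `~/.vault_pass.gpg` and the function and class names are assumptions; it also assumes gpg-agent can unlock the key without a prompt.

```python
#!/usr/bin/env python3
"""Vault password client: prints the Ansible Vault password to stdout."""
import os
import subprocess
import sys

# Hypothetical location of the GPG-encrypted vault password (assumption).
ENCRYPTED_FILE = os.path.expanduser("~/.vault_pass.gpg")

# --batch and --quiet keep gpg non-interactive and its status text off stdout.
GPG_CMD = ["gpg", "--batch", "--quiet", "--decrypt", ENCRYPTED_FILE]


class VaultPasswordError(Exception):
    """Raised when the password cannot be obtained."""


def fetch_vault_password(cmd=GPG_CMD, timeout=30):
    """Run cmd and return its stdout as the vault password.

    The plaintext exists only in this process and in the pipe to the
    caller; it is never written to disk.
    """
    try:
        result = subprocess.run(cmd, stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired) as exc:
        raise VaultPasswordError(f"could not run {cmd[0]}: {exc}") from exc
    if result.returncode != 0:
        # Report only the exit status: stdout may hold partial secret data.
        raise VaultPasswordError(f"{cmd[0]} exited with {result.returncode}")
    password = result.stdout.decode("utf-8").rstrip("\r\n")
    if not password:
        # An empty password would otherwise fail later with a vaguer error.
        raise VaultPasswordError("decryption produced an empty password")
    return password


def main():
    try:
        print(fetch_vault_password())
    except VaultPasswordError as exc:
        print(f"vault password client: {exc}", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Saved under a name of your choosing and marked executable, the script can be given to `--vault-password-file` (or `vault_password_file` in ansible.cfg); Ansible runs an executable password file and reads the password from its standard output.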