Hello Ansible Community,
I’m encountering a challenge in managing personal authentication credentials (like Active Directory and vCenter logins) in my Ansible project, which is located on a shared, Proof of Concept (POC) Ansible server in my home directory. My goal is to secure these credentials in a way that they are not easily decrypted by others with sudo access, while also avoiding manual entry for each playbook execution.
Currently, I’m considering the following approaches:
- Using a password-protected Ansible Vault file: This method seems secure, but it’s causing issues with Ansible-Lint as per this forum thread.
- Implementing PAM as suggested in the Red Hat documentation: This appears to require extensive infrastructure setup (like trust relationships with AD and internal PKI), which is not feasible at the moment.
I’m seeking advice or alternative solutions that balance security with ease of use. How can I effectively manage personal credentials in this shared environment without extensive infrastructure changes?
Appreciate any insights or experiences you can share!