Storing Passwords with Ansible Vault

In this lesson, we're going to update our Ansible configuration to handle scenarios where managed nodes have different become passwords. We'll change the become password for one of our nodes, update the ansible.cfg file, create an Ansible Vault to securely store these passwords, modify the inventory to use these stored passwords, and adjust a playbook to reflect these changes.

By the end of this lesson, you'll understand how to manage different become passwords across multiple nodes securely, as well as how to specify different become passwords for each host you manage.

Understanding Ansible Vaults for Secure User Management

Ansible Vaults are essential for securely handling sensitive information in your Ansible projects. They provide a way to encrypt data like passwords or keys, ensuring that such critical information is not exposed in your playbooks or stored in plain text.
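To check the "not stored in plain text" property on your own project files, here is an added example (not part of the original lesson) that flags become passwords written as literal values. It assumes the standard ansible_become_pass / ansible_become_password variables and the $ANSIBLE_VAULT file header; the sample inventories and the node1_become_pass / node2_become_pass variable names are constructed for illustration.

```python
import re
import sys

# First line of a file written by `ansible-vault create` or `encrypt`.
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;1\.[12];AES256(;\S+)?$")
# Become password assignment in INI (key=value) or YAML (key: value) form.
BECOME = re.compile(r"\b(ansible_become_pass(?:word)?)\s*[:=]\s*(.*)$")

# Constructed sample inventories using the lab passwords from this lesson.
SAMPLE_PLAIN = (
    "[nodes]\n"
    "managed-node-1 ansible_become_pass=password123\n"
    "managed-node-2 ansible_become_pass=password12\n"
)
# Hypothetical variable names that would be defined inside the vault file.
SAMPLE_REFERENCED = (
    "[nodes]\n"
    "managed-node-1 ansible_become_pass='{{ node1_become_pass }}'\n"
    "managed-node-2 ansible_become_pass='{{ node2_become_pass }}'\n"
)

def is_vault_encrypted(text):
    """True when the whole file is vault-encrypted (header on line 1)."""
    lines = text.splitlines()
    return bool(lines) and VAULT_HEADER.match(lines[0].strip()) is not None

def plaintext_become_passwords(text):
    """Return (line_number, key) for become passwords stored as literals."""
    if is_vault_encrypted(text):
        return []
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):
            continue  # skip YAML and INI comments
        match = BECOME.search(line)
        if not match:
            continue
        value = match.group(2).strip().strip("'\"")
        # Jinja2 references and inline !vault blocks carry no cleartext secret.
        if not value or value.startswith(("{{", "!vault")):
            continue
        findings.append((number, match.group(1)))
    return findings

if __name__ == "__main__":
    failed = False
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as handle:
            for number, key in plaintext_become_passwords(handle.read()):
                print(f"{path}:{number}: {key} is stored in plain text")
                failed = True
    sys.exit(1 if failed else 0)
```

Run it against inventory and variable files before committing them; it exits non-zero when any file still carries a literal become password.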

Ansible-Vault Commands

If you execute the ansible-vault --help command, you'll see this utility offers several options for managing your encrypted data:

  • create: Create a new vault encrypted file.
  • decrypt: Decrypt a vault encrypted file.
  • edit: Edit a vault encrypted file in a secure manner.
  • view: View the contents of a vault encrypted file.
  • encrypt: Encrypt a YAML file.
  • encrypt_string: Encrypt a specific string for inclusion in a playbook.
  • rekey: Change the password of an existing vault-encrypted file.

Each command serves a specific purpose, providing flexibility and security in managing sensitive data. In this lesson, we are going to use create to make our Ansible Vault.

Update Password for managed-node-2

First, we need to create a scenario where not all the become passwords are the same. Right now, your lab environment should be using the same password123 password across all nodes for your user account. SSH into managed-node-2 and update its password to password12. This simulates an env…