DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones AWS Cloud
by AWS Developer Relations
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones
AWS Cloud
by AWS Developer Relations
  1. DZone
  2. Testing, Deployment, and Maintenance
  3. Deployment
  4. Ansible Vault: Securing Sensitive Information

Ansible Vault: Securing Sensitive Information

In this article, we're going to look at using Ansible vault to ping a windows server, and secure the information on that server.

Manoj Kumar user avatar by
Manoj Kumar
·
Apr. 11, 17 · Tutorial
Like (1)
Save
Tweet
Share
5.47K Views

Join the DZone community and get the full member experience.

Join For Free

If you have followed my previous articles, we have been using plain text to store ssh passwords for accessing Windows. This is a big NO NO in live environments!

Ansible comes with an encryption feature named "Ansible Vault" to tackle this concern. We will be using it to encrypt our ssh password in this lab.

Let's continue from our last article Ansible Galaxy: Ping Windows Servers. I am assuming you have successfully pinged the Windows servers. Let's get started.

Step 1. Edit Inventory File (hosts) located at /winservers/hosts and the replace value for ansible_ssh_pass with {{ win_pass }}  

Image title

Now that we have included a variable, Ansible will try to search for this variable in our galaxy "ping." All these variables are stored in /winservers/ping/vars/main.yml  

Step 2. Edit Vars- In the terminal window you will find:

 vi /winservers/ping/vars/main.yml 

Replace this content with:

 win_pass: P@ssword1234 

You may replace your windows server password here.

Save the file.

Step 3: Encrypt Your File Using Vault- In the terminal window, type:

 ansible-vault encrypt main.yml 

It will ask for a new vault password and a confirmation.

Image title

The password will be used whenever you want to edit or view content using vault.

Step 4. View Vault File Using vi

vi /winservers/ping/vars/main.yml

Image title

This is the encrypted version of the main.yml file. 

Step 5. View Vault Encrypted File

 ansible-vault view main.yml 

Vault will ask for the password that you created in Step 3 while encrypting the file. 

Image title


Step 6. Edit Vault Encrypted File

 ansible-vault edit main.yml 

Image title

You may make changes to the file and save, the encryption of the file takes place once you save the file.

Step 7. Executing the Playbook With Vault Password

Browse to  /winservers/ and type:

 ansible-playbook pingservers.yml 

You will get the following error:

Image title

Since we have used vault, we must use  --ask-vault-pass with our playbook command

 ansible-playbook pingservers.yml --ask-vault-pass 

Image title

Congratulations! You have successfully pinged your Windows Server while implementing Ansible Vault!

Thanks for reading!

Ansible (software)

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • How To Select Multiple Checkboxes in Selenium WebDriver Using Java
  • Building the Next-Generation Data Lakehouse: 10X Performance
  • Running Databases on Kubernetes
  • Build an Automated Testing Pipeline With GitLab CI/CD and Selenium Grid
Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends: