How to encrypt ansible vault password
30 views
Skip to first unread message
Anjali Adhikari
Sep 24, 2021, 3:30:32 AM9/24/21
to Ansible Project
Hi All,
I am facing a challenge in getting CISO approval for my ansible project.
Issue: We are using Ansible vault for keeping vars secret. However, that vault password we are keeping it in ./ path in clear text.Can we encrypt the vault password itself.
Please assist me on this ,
Thanks in advance.
steve missoh
Sep 24, 2021, 4:23:46 AM9/24/21
to Ansible Project
Hi, interesting question.
I suggest you two approaches:
1)
* Apply strict ACL on the vault password file (like 0400 for e.g.)
* Do not version the file
* Do not version the file
* rekey it frequently
2)
Make use of an external or third party secret manager tool to store the vault password and get access to it through a script.
Regards.
Anjali Adhikari
Sep 24, 2021, 5:59:12 AM9/24/21
to Ansible Project
Hi Stefim,
Thanks for your reponse.Much appritaite !
regarding the third party, we tried that. We used one password to store it, but while ansible taking that password from 1password, it's fetching in cleartext.
Dick Visser
Sep 24, 2021, 7:48:38 AM9/24/21
to ansible...@googlegroups.com
Eventually ansible needs the plain text
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/2eecd2b2-4801-47dc-811b-197c8e36fc7dn%40googlegroups.com.
Sent from a mobile device - please excuse the brevity, spelling and punctuation.
Reply all
Reply to author
Forward
0 new messages