hosts.yaml has below all:vars
[all:vars]
ansible_ssh_common_args='-o StrictHostKeyChecking=no'
ansible_connection=ssh
ansible_port=22
ansible_user=sam
ansible_ssh_pass=abc@123
Now i want to hide ansible_ssh_pass variable or encrypt/salt this value thats it .
how do i do that. I m ok even if i store that in plaintext and reference here .
im fine evenits base64 just should not be in plain in hosts.yaml.
Use an SSH key then no password is needed.
Or create a separate vars file P_vars or something
and have p_ansible_ssh_pass=yourpassword
encrypt that file with ansible vault
then reference that in your all:vars
ansible_ssh_pass={{ p_ansible_ssh_pass }}
you can then see the file and non secure vars without having to un-encrypt the vault but can see that a password stored in vault is used and what it’s name is.
you then have the problem the ansible vault password is needed every time you run your playbook / add hoc commands but you can include a reference to that in your .ansible.cfg and have it reference somewhere on your machine that isn’t included in your source
control and protected to only be ready by your user.
From: ansible...@googlegroups.com <ansible...@googlegroups.com>
On Behalf Of Todd Lewis
Sent: Thursday, December 14, 2023 11:32 PM
To: Ansible Project <ansible...@googlegroups.com>
Subject: [ansible-project] Re: how to encrypt ssh_pass password without asking any more password
Caution: This email originated from outside of the organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe |
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
ansible-proje...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/b4abdd48-0506-492c-9930-d7c2d2b86402n%40googlegroups.com.
Proud to be a certified B Corporation
This message is private and confidential. If you have received this message in error, please notify us and remove it from your system.
Zen Internet Limited may monitor email traffic data to manage billing, to handle customer enquiries, and for the prevention and detection of fraud. We may also monitor the content of emails sent to and/or
from Zen Internet Limited for the purposes of security, staff training and to monitor the quality of service.
Zen Internet Limited is registered in England and Wales, Sandbrook Park, Sandbrook Way, Rochdale, OL11 1RY Company No. 03101568 VAT Reg No. 686 0495 01