ansible-vault命令行工具
首先创建一个密码文件password.txt:
text
testpass加密
bash
ansible-vault encrypt password.txt注意记录下自己的vault密码
查看加密后的文件
bash
ansible-vault view password.txt解密
bash
ansible-vault decrypt password.txt改变加密密码
bash
ansible-vault rekey password.txt从文件中读取加密密码
bash
ansible-vault encrypt --vault-id=vault-pass.txt password.txt传输文件到远程主机之前进行解密:
bash
ansible dev -m copy --vault-id=vault-pass.txt -a "src=./mydata.txt dest=/tmp/mydata.txt"在Playbook中使用加密数据
首先是机密数据 userinfo.yml:
yaml
uname: lcoding
upass: 'testpass'加密数据:
bash
ansible-vault encrypt userinfo.yml使用机密数据创建用户:
vault-test.yml
yaml
---
- hosts: dev
var_files: userinfo.yml
tasks:
- name: create user from encrpted file
user:
name: "{{uname}}"
password: "{{upass|password_hash('sha512')}}"运行playbook:
bash
ansible-playbook --ask-vault-pass vault-test.yml
