From the course: Ansible for Automation Essential Training: Advanced Playbooks, Roles, and Diverse Hosts
An overview of secrets in Ansible - Ansible Tutorial
- [Instructor] First, don't put secrets in your playbook. It only leads to heartache. Seriously though, I try to never put secrets in playbooks, even when developing. Most organizations I work with store their playbooks in a git repository. When you store files in git, it will track your changes, so folks can go back in time and see all of your secrets, even if you remove them. You can clean the logs, but why risk it, especially if you are using public git repositories like GitHub. It only takes a few minutes for someone to score your AWS key and exploit it. Ask me how I know. One way to utilize secrets is to inject them as extra vars in your playbook. This keeps you from having to store secrets, since you are supplying them at execution time. You can also have Ansible prompt you for a secret at execution time. A third and popular option is to encrypt secrets in a file via a method called vaulting. When you vault a file, it stays encrypted until you decide to decrypt it for use. It's…
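The three approaches the instructor lists (extra vars at execution time, a prompt, and a vaulted file) can all feed the same playbook. The playbook below is an added example written for this page, not material from the course; the variable names `db_password` and `api_token`, the file name `secrets-demo.yml` and the path `/tmp/app.env` are invented for illustration.

```yaml
# Added example (not from the course). Names are illustrative only.
# Run it in one of the ways the lesson describes:
#   extra var:  ansible-playbook secrets-demo.yml -e "api_token=<value>"
#   prompt:     leave db_password off the command line and type it when asked
#   vault:      ansible-vault encrypt group_vars/all/vault.yml  (holding api_token)
#               ansible-playbook secrets-demo.yml --ask-vault-pass
- name: Supply secrets at run time instead of storing them in the playbook
  hosts: localhost
  gather_facts: false

  # Prompt at execution time. private: true hides the typed input.
  # Ansible skips the prompt if db_password is already supplied with -e,
  # so the same file works interactively and in a scripted run.
  vars_prompt:
    - name: db_password
      prompt: "Database password"
      private: true

  tasks:
    # Fail early and clearly if the extra var (or vaulted var) never arrived,
    # rather than writing an empty or undefined token into a config file.
    - name: Require api_token from the command line or a vaulted vars file
      ansible.builtin.assert:
        that: api_token is defined
        fail_msg: "pass api_token with -e or define it in a vaulted vars file"

    # no_log keeps the rendered content out of console output and callback logs,
    # so the secret is not leaked a second way through CI job output.
    - name: Write the runtime config without echoing the secret values
      ansible.builtin.copy:
        dest: /tmp/app.env
        mode: "0600"
        content: |
          DB_PASSWORD={{ db_password }}
          API_TOKEN={{ api_token }}
      no_log: true
```

Nothing in this file is sensitive on its own, so it can live in git; the values only exist in the shell history of the operator (when passed with `-e`, which is worth clearing), in the terminal session (prompt), or in the vaulted vars file, which git stores only in its encrypted form.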