{"id":7337,"date":"2018-04-06T09:13:12","date_gmt":"2018-04-06T01:13:12","guid":{"rendered":"http:\/\/rmohan.com\/?p=7337"},"modified":"2018-04-06T09:13:12","modified_gmt":"2018-04-06T01:13:12","slug":"ansible-vault","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=7337","title":{"rendered":"ansible vault"},"content":{"rendered":"<p>root@controller ~]# ansible-vault create mohan.yml<br \/>\nVault password:<\/p>\n<p>[root@controller ~]# cat mohan.yml<br \/>\n$ANSIBLE_VAULT;1.1;AES256<br \/>\n38623235633039636166356162393064363936303461306536386237663032383932656164633131<br \/>\n6132633132376266313863366164396535386539666562310a306562383834343431633536353332<br \/>\n63303935623030393261373030343366323361653238306531356434333538613236303738653730<br \/>\n3935313536396361640a343836366434613638316538333165366161306166396564353635383831<br \/>\n30636536366462646362373432396234383432376437633764616239393938366137<\/p>\n<p>[root@controller ~]# ansible-vault view mohan.yml<br \/>\nVault password:<br \/>\nhai how are you<\/p>\n<p>[root@controller ~]# ansible-vault edit mohan.yml<br \/>\nVault password:<\/p>\n<p>[root@controller ~]# ansible-vault rekey mohan.yml<br \/>\nVault password:<br \/>\nNew Vault password:<br \/>\nConfirm New Vault password:<br \/>\nRekey successful<\/p>\n<p>[root@controller ~]# ansible-playbook mohan.yml<br \/>\nERROR! Decryption failed on \/root\/mohan.yml<\/p>\n<p>[root@controller ~]# ansible-playbook \u2013ask-vault-pass mohan.yml<br \/>\nVault password:<\/p>\n<p>[root@controller ~]# ansible-vault encrypt 4.yml<br \/>\nVault password:<br \/>\nEncryption successful<br \/>\n[root@controller ~]# ansible-playbook 4.yml<br \/>\nERROR! Decryption failed on \/root\/4.yml<br \/>\n[root@controller ~]# ansible-playbook \u2013ask-vault-pass 4.yml<br \/>\nVault password:<\/p>\n<p>PLAY [localhost] ***************************************************************<\/p>\n<p>TASK [setup] *******************************************************************<br \/>\nok: [localhost]<\/p>\n<p>PLAY RECAP *********************************************************************<br \/>\nlocalhost : ok=1 changed=0 unreachable=0 failed=0<br \/>\n=======================================<br \/>\n[root@controller ~]# ansible-vault decrypt 4.yml<br \/>\nVault password:<br \/>\nDecryption successful<\/p>\n<p>[root@controller ~]# ansible-playbook 4.yml<\/p>\n<p>PLAY [localhost] ***************************************************************<\/p>\n<p>TASK [setup] *******************************************************************<br \/>\nok: [localhost]<\/p>\n<p>PLAY RECAP *********************************************************************<br \/>\nlocalhost : ok=1 changed=0 unreachable=0 failed=0<br \/>\n========================================<br \/>\n[root@controller ~]# ansible-vault decrypt 4.yml \u2013output=4-decrypted.yml<br \/>\nVault password:<br \/>\nDecryption successful<br \/>\n[root@controller ~]# cat 4.yml<br \/>\n$ANSIBLE_VAULT;1.1;AES256<br \/>\n65386464336638663338363031383263633764393937633839366565336166303935363733616663<br \/>\n6636633734663766353365613063396565383662366539390a613765626239363361386165653763<br \/>\n35353730633164346634666339616232343830643434393563363662386633393830313538306130<br \/>\n3366386539313535380a643639613765653235363235383463663735663639333232353230343664<br \/>\n37346532353963663636303833653230333661333735393339336264303136636165366365326538<br \/>\n39613537353638373464333633353235356538653333643864623063333534303766373039373031<br \/>\n383436656161333330373162633966386639<br \/>\n[root@controller ~]# cat 4-decrypted.yml<br \/>\n\u2013 hosts: localhost<br \/>\nvars:<br \/>\nuser: joe<br \/>\nhome: \/home\/joe<br \/>\n=======================================<br \/>\n[root@controller ~]# vim vault-pass<br \/>\nredhat_123<\/p>\n<p>[root@controller ~]# ansible-vault decrypt \u2013vault-password-file=vault-pass sample.yaml<\/p>\n<p>[root@controller ~]# ansible-vault create \u2013vault-password-file=vault-pass example.yaml<br \/>\n\u2014<br \/>\n\u2013 name: installing packages<br \/>\nhosts: localhost<br \/>\ntasks:<br \/>\n\u2013 yum: name=elinks state=latest<\/p>\n<p>[root@controller ~]# cat example.yaml<br \/>\n$ANSIBLE_VAULT;1.1;AES256<br \/>\n37653137363538613630333039386164353232636333306430336333316164363566373464316634<br \/>\n3636336637336535633039323631313038643366393534650a393762643936343566313638646662<br \/>\n64663338376162643463343232396361383739303635383438323831386539303337623764316537<br \/>\n3961653566353362330a393530333638356663303264326331386166613330323539343436396632<br \/>\n38636630393133393064623437663133376233663934346666313162363838386532626337646134<br \/>\n39316561633530336663663238333766353861666339353134663930663839393532396334643062<br \/>\n64393233653834646463366432633965663432313431656236386664643461386365613363616432<br \/>\n35306537656335316561393966656362393634373237313737623164633836663561363636646332<br \/>\n32663839343461323832626263363762313730346333353034383539333332366463<\/p>\n<p>[root@controller ~]# ansible-playbook example.yaml<br \/>\nERROR! Decryption failed on \/root\/example.yaml<\/p>\n<p>[root@controller ~]# ansible-playbook \u2013vault-password-file=vault-pass \u2013syntax-check example.yaml<\/p>\n<p>playbook: example.yaml<\/p>\n<p>[root@controller ~]# ansible-playbook \u2013vault-password-file=vault-pass example.yaml<\/p>\n<p>PLAY [installing packages] *****************************************************<\/p>\n<p>TASK [setup] *******************************************************************<br \/>\nok: [localhost]<\/p>\n<p>TASK [yum] *********************************************************************<br \/>\nchanged: [localhost]<\/p>\n<p>PLAY RECAP *********************************************************************<br \/>\nlocalhost : ok=2 changed=1 unreachable=0 failed=0<br \/>\n=========================================<\/p>\n<p>[root@controller ~]# vim newpassword<br \/>\nmohan0494<\/p>\n<p>[root@controller ~]# ansible-vault rekey \u2013new-vault-password-file=newpassword example.yaml<br \/>\nVault password:<br \/>\nRekey successful<\/p>\n<p>[root@controller ~]# ansible-playbook \u2013vault-password-file=newpassword example.yaml<\/p>\n<p>PLAY [installing packages] *****************************************************<\/p>\n<p>TASK [setup] *******************************************************************<br \/>\nok: [localhost]<\/p>\n<p>TASK [yum] *********************************************************************<br \/>\nok: [localhost]<\/p>\n<p>PLAY RECAP *********************************************************************<br \/>\nlocalhost : ok=2 changed=0 unreachable=0 failed=0<\/p>\n<p>[root@controller ~]# ansible-vault decrypt \u2013vault-password-file=newpassword example.yaml<br \/>\nDecryption successful<br \/>\n[root@controller ~]# cat example.yaml<br \/>\n\u2014<br \/>\n\u2013 name: installing packages<br \/>\nhosts: localhost<br \/>\ntasks:<br \/>\n\u2013 yum: name=elinks state=latest<\/p>\n<p>[root@controller ~]# ansible-vault encrypt \u2013vault-password-file=newpassword example.yaml<br \/>\nEncryption successful<br \/>\n[root@controller ~]# cat example.yaml<br \/>\n$ANSIBLE_VAULT;1.1;AES256<br \/>\n64643166623463393937376165333034363635653931663839633836316239333035396161663165<br \/>\n6461613861373731383431303839383839316264366538350a373839396533633333313364626330<br \/>\n31336538356365666537373438306165333534363533636436636666656162346530643539316261<br \/>\n3431343233373135620a336163633164633961353339303433396639373735663038306262613639<br \/>\n65666130303539613131663666313361646538643038643834383966633364353162626233356132<br \/>\n64333930643531343066383164393238383639343764376661303734336532393431633534366238<br \/>\n62313537623834376535643830353361633336613563363535363931343934303739643039386532<br \/>\n62653335373632633465633063653564616430393234343862383437353732383231656138386165<br \/>\n38363135656434363239383065306136653863363334376230393739643539616463<\/p>\n","protected":false},"excerpt":{"rendered":"<p>root@controller ~]# ansible-vault create mohan.yml Vault password:<\/p>\n<p>[root@controller ~]# cat mohan.yml $ANSIBLE_VAULT;1.1;AES256 38623235633039636166356162393064363936303461306536386237663032383932656164633131 6132633132376266313863366164396535386539666562310a306562383834343431633536353332 63303935623030393261373030343366323361653238306531356434333538613236303738653730 3935313536396361640a343836366434613638316538333165366161306166396564353635383831 30636536366462646362373432396234383432376437633764616239393938366137<\/p>\n<p>[root@controller ~]# ansible-vault view mohan.yml Vault password: hai how are you<\/p>\n<p>[root@controller ~]# ansible-vault edit mohan.yml Vault password:<\/p>\n<p>[root@controller ~]# ansible-vault rekey mohan.yml Vault password: New Vault password: Confirm New Vault password: Rekey successful<\/p>\n<p>[root@controller ~]# ansible-playbook mohan.yml [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[91],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7337"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7337"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7337\/revisions"}],"predecessor-version":[{"id":7338,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7337\/revisions\/7338"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}