Vault

• Vault is useful for security.
  ex: password, api key...

• It encrypt those informations and decrypt when ansible will be executed

Call ansible-playbook using vault

ansible-playbook playbook.yml --ask-vault-pass

Create Vault

ansible-vault create test.txt

Decrypt Vault

ansible-vault decrypt test.txt

• but decrypt not recommanded because it decrypt FILE
  => so use edit that edit and encrpyt at the same time when save

ansible-vault edit test.txt

View Vault

ansible-vault view test.txt

Usage

• put vars_files in playbook file

  - name: Create password
    hosts: localhost
    vars_files:
      - env_var.txt
    tasks:
      - name: Create passworld file
        ansible.builtin.lineinfile:
          path: /tmp/password.txt
          line: "password={{ password }}"
          create: true
          mode: 0600

• vault file should be to a form dictionary like:

password: nobodycantknow