2023-02-17

Ansible Vault

What is Ansible Vault

Ansible Vault is Ansible's built-in encryption feature. It lets you encrypt whole files or individual values so that secrets such as passwords and keys are not committed to Git in plaintext.

How to use Ansible Vault

Installation

To use Ansible Vault, you need to install Ansible, which can be easily done with the brew command on a Mac.

$ brew install ansible

encrypt

You can encrypt files with the ansible-vault encrypt command.

Suppose you have the following sample.txt.

sample.txt
hello world

To encrypt it, run the following command. You will be prompted for a password (twice, to confirm), and the file is replaced in place with its encrypted form.

$ ansible-vault encrypt sample.txt

New Vault password:
Confirm New Vault password:
Encryption successful

You can see that sample.txt is now encrypted. The first line is a header giving the format version (1.1) and cipher (AES256); the rest is hex-encoded data containing the salt, an HMAC and the ciphertext.

$ cat sample.txt

$ANSIBLE_VAULT;1.1;AES256
35346464303934323662376134353665626366656530306435343563613639356661303032613531
3538363133366661366132653661383763313564303435610a353037323661373237376565626163
38666534616566343862396233373138323466376332383334626637313365666332626165613263
3938343333313936360a393865313834326439613332316238383735663738363639626538623432
3039

view

You can use the ansible-vault view command to see the contents of the encrypted files.

The sample.txt is encrypted as follows.

sample.txt
$ANSIBLE_VAULT;1.1;AES256
35346464303934323662376134353665626366656530306435343563613639356661303032613531
3538363133366661366132653661383763313564303435610a353037323661373237376565626163
38666534616566343862396233373138323466376332383334626637313365666332626165613263
3938343333313936360a393865313834326439613332316238383735663738363639626538623432
3039

Check the contents of the file with the following command.

$ ansible-vault view sample.txt
Vault password:

hello world

decrypt

You can decrypt encrypted files with the ansible-vault decrypt command.

The sample.txt is encrypted as follows.

sample.txt
$ANSIBLE_VAULT;1.1;AES256
35346464303934323662376134353665626366656530306435343563613639356661303032613531
3538363133366661366132653661383763313564303435610a353037323661373237376565626163
38666534616566343862396233373138323466376332383334626637313365666332626165613263
3938343333313936360a393865313834326439613332316238383735663738363639626538623432
3039

Decrypt the file with the following command.

$ ansible-vault decrypt sample.txt

Vault password:
Decryption successful

If you check the contents of sample.txt, you will see that it has been decrypted. Note that decrypt rewrites the file on disk in plaintext; if you only need to read or change the contents, prefer view or edit so that no plaintext copy is left behind, and take care never to commit a decrypted file by mistake.

$ cat sample.txt

hello world

edit

You can edit encrypted files with the ansible-vault edit command.

The sample.txt is encrypted as follows.

sample.txt
$ANSIBLE_VAULT;1.1;AES256
35346464303934323662376134353665626366656530306435343563613639356661303032613531
3538363133366661366132653661383763313564303435610a353037323661373237376565626163
38666534616566343862396233373138323466376332383334626637313365666332626165613263
3938343333313936360a393865313834326439613332316238383735663738363639626538623432
3039

Edit the file with the following command.

$ ansible-vault edit sample.txt

The file is decrypted to a temporary file and opened in your editor (the one named in the EDITOR environment variable; vi if it is not set). Add a line hello world2, then type :wq and press Enter to save and quit. On exit the file is re-encrypted with the same password.

The sample.txt will be updated as follows. The whole ciphertext changes, not just the part covering the new line, because every encryption uses a fresh random salt.

sample.txt
$ANSIBLE_VAULT;1.1;AES256
66643539663734313236383233323632396332386435343338643133316265633866356334373735
3434633866386133633337616366653831653130396237660a303362613461316666626534633039
31653665613166646431343761663030336432626237646439356435383263343863353562363535
6362336435386564620a633761366435653261636231303962376464343438333635306666316634
62656237363533613930366164643534613036376165626235306230396538313232

rekey

You can change the password of an encrypted file with the ansible-vault rekey command. Rekeying only re-encrypts the file with the new password; it does not change the secrets inside it, and old versions already committed to Git can still be opened with the old password. If the old password has leaked, rotate the secrets themselves as well.

$ ansible-vault rekey sample.txt

Vault password:
New Vault password:
Confirm New Vault password:
Rekey successful

encrypt_string

The ansible-vault encrypt_string command encrypts a single value, so that you can embed only that value in an otherwise plaintext file instead of encrypting the whole file.

Suppose you have the following sample.yml file.

sample.yml
ansible_user: admin
ansible_password: Passw0rd

Run the following command to encrypt the value Passw0rd from sample.yml. The --name option gives the variable name to use in the output. Note that a secret passed as a command-line argument ends up in your shell history; if you use --stdin-name 'ansible_password' instead of the value and --name, you are prompted to type the value on standard input.

$ ansible-vault encrypt_string 'Passw0rd' --name 'ansible_password'

New Vault password:
Confirm New Vault password:
Encryption successful
ansible_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          61666133633537333166386335396662623163636437346438353039323461346439343463663337
          3037633263366231316336313831356230656266646536380a303965613565336461313931386634
          30616131653230356666396239386561613166393730353261363963393465386338663733386231
          3663343932656539300a666234353464643632646661326339653438613631303338363530653166
          3563

At this time, nothing changes in sample.yml. Manually replace the ansible_password line in sample.yml with the output above, as follows.

sample.yml
$ cat sample.yml
ansible_user: admin
ansible_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          61666133633537333166386335396662623163636437346438353039323461346439343463663337
          3037633263366231316336313831356230656266646536380a303965613565336461313931386634
          30616131653230356666396239386561613166393730353261363963393465386338663733386231
          3663343932656539300a666234353464643632646661326339653438613631303338363530653166
          3563

You can decrypt the value by piping the !vault block to ansible-vault decrypt, which reads from standard input when no file name is given.

$ echo '$ANSIBLE_VAULT;1.1;AES256
61666133633537333166386335396662623163636437346438353039323461346439343463663337
3037633263366231316336313831356230656266646536380a303965613565336461313931386634
30616131653230356666396239386561613166393730353261363963393465386338663733386231
3663343932656539300a666234353464643632646661326339653438613631303338363530653166
3563' | ansible-vault decrypt

Vault password:
Decryption successful
Passw0rd

--vault-password-file

Instead of being prompted, you can read the password from a file with the --vault-password-file option.

Suppose you have the following pw_file.

pw_file
mypassword

You can encrypt sample.txt by specifying pw_file as the password file with the following command. Keep this file out of Git (add it to .gitignore) and readable only by you (chmod 600). If the file is executable, Ansible runs it and uses its standard output as the password, which lets you fetch the password from a secrets manager instead of storing it on disk.

$ ansible-vault encrypt --vault-password-file pw_file sample.txt

--vault-id

Ansible Vault supports multiple passwords, each identified by a label (a vault ID).

The --vault-id label@source option gives the label and where its password comes from: a password file, or the word prompt to be asked interactively. The label is recorded in the header of the encrypted file ($ANSIBLE_VAULT;1.2;AES256;password1), so when several passwords are configured Ansible first tries the one whose label matches and then falls back to the others. For example, the command would look like this.

$ ansible-vault encrypt --vault-id password1@pw_file sample.txt
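To make the hex blobs shown in the encrypt and encrypt_string sections above, and the label lookup described for --vault-id, concrete, here is an added example in Python that is not code from this page or from the Ansible project. It uses only the standard library and reimplements the documented envelope layout and key derivation: the header names the version and cipher (and, for 1.2 files, the vault-id label); the body is hex of "hex(salt)\nhex(hmac)\nhex(ciphertext)"; the password is stretched with PBKDF2-HMAC-SHA256 (10000 iterations) into an AES-256 key, an HMAC key and a CTR IV. Because the HMAC covers the ciphertext, a candidate password can be confirmed or rejected without any AES, which is exactly what an attacker with a copy of the file can do offline, so the vault password must be long and random. resolve_vault_id mirrors the documented try order for several --vault-id secrets. PAGE_SAMPLE is the encrypted sample.txt from this page (its password is not known here); build_envelope is an assumed helper that wraps arbitrary bytes in a valid envelope for testing, so its "ciphertext" is not real AES output.

```python
import binascii
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional

PBKDF2_ITERATIONS = 10000  # iteration count used by Ansible's VaultAES256


@dataclass
class VaultEnvelope:
    version: str           # "1.1" (no label) or "1.2" (label present)
    cipher: str            # "AES256"
    label: Optional[str]   # vault-id label from --vault-id label@source
    salt: bytes            # 32 random bytes, new for every encryption
    mac: bytes             # HMAC-SHA256 over the ciphertext
    ciphertext: bytes      # AES-256-CTR output, a multiple of 16 bytes


def parse_vault_envelope(text: str) -> VaultEnvelope:
    """Parse a vault blob; a leading 'key: !vault |' YAML line is skipped."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    try:
        start = next(i for i, ln in enumerate(lines) if ln.startswith("$ANSIBLE_VAULT"))
    except StopIteration:
        raise ValueError("not an Ansible Vault envelope") from None
    header = lines[start].split(";")
    if len(header) < 3:
        raise ValueError("malformed vault header")
    # Body: hex of "hex(salt)\nhex(hmac)\nhex(ciphertext)", wrapped at 80 columns.
    inner = binascii.unhexlify("".join(lines[start + 1:]))
    salt_hex, mac_hex, ct_hex = inner.split(b"\n", 2)
    return VaultEnvelope(
        version=header[1],
        cipher=header[2],
        label=header[3] if len(header) > 3 else None,
        salt=binascii.unhexlify(salt_hex),
        mac=binascii.unhexlify(mac_hex),
        ciphertext=binascii.unhexlify(ct_hex),
    )


def derive_keys(password: str, salt: bytes):
    """Return (aes_key, hmac_key, iv), 80 bytes of PBKDF2 output split 32/32/16."""
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS, dklen=80)
    return km[:32], km[32:64], km[64:80]


def check_password(env: VaultEnvelope, password: str) -> bool:
    """True if `password` reproduces the stored HMAC (no decryption needed)."""
    _, hmac_key, _ = derive_keys(password, env.salt)
    expected = hmac.new(hmac_key, env.ciphertext, hashlib.sha256).digest()
    return hmac.compare_digest(expected, env.mac)


def resolve_vault_id(env: VaultEnvelope, secrets: Dict[str, str]) -> Optional[str]:
    """Which of several --vault-id secrets ({label: password}) opens env?

    Follows the order Ansible documents: the secret whose label matches the
    header is tried first, then the remaining secrets in the order given.
    """
    order: List[str] = [env.label] if env.label in secrets else []
    order += [lbl for lbl in secrets if lbl not in order]
    for lbl in order:
        if check_password(env, secrets[lbl]):
            return lbl
    return None


def build_envelope(password: str, ciphertext: bytes, label: Optional[str] = None,
                   salt: Optional[bytes] = None) -> str:
    """Assumed helper: wrap bytes in a vault envelope (real files carry AES output here)."""
    salt = salt or os.urandom(32)
    _, hmac_key, _ = derive_keys(password, salt)
    mac = hmac.new(hmac_key, ciphertext, hashlib.sha256).digest()
    body = binascii.hexlify(b"\n".join(binascii.hexlify(p) for p in (salt, mac, ciphertext))).decode()
    header = ("$ANSIBLE_VAULT;1.2;AES256;" + label) if label else "$ANSIBLE_VAULT;1.1;AES256"
    return "\n".join([header] + [body[i:i + 80] for i in range(0, len(body), 80)]) + "\n"


# The encrypted sample.txt shown on this page; its password is not known here.
PAGE_SAMPLE = """\
$ANSIBLE_VAULT;1.1;AES256
35346464303934323662376134353665626366656530306435343563613639356661303032613531
3538363133366661366132653661383763313564303435610a353037323661373237376565626163
38666534616566343862396233373138323466376332383334626637313365666332626165613263
3938343333313936360a393865313834326439613332316238383735663738363639626538623432
3039
"""
```

Parsing PAGE_SAMPLE yields a 32-byte salt, a 32-byte HMAC and a 16-byte ciphertext, which is "hello world" padded to one AES block. Full decryption is the remaining step: AES-256-CTR with the first derived key and the IV, followed by PKCS7 unpadding; the standard library has no AES, so that part needs a package such as cryptography.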

--output

The --output option lets you write the result to a different file instead of replacing the input in place. With encrypt, the plaintext source file is left untouched, so remember to delete it or keep it out of Git.

$ ansible-vault encrypt --output dir/sample.txt.vault sample.txt
$ ansible-vault decrypt --output sample.txt dir/sample.txt.vault

References

https://docs.ansible.com/ansible/latest/vault_guide/index.html

Ryusei Kakujo
