Traffine I/O

Bahasa Indonesia

2023-02-17

Ansible Vault

Software Development
Software Development

Apa itu Ansible Vault

Ansible Vault adalah fitur enkripsi dari Ansible. Fitur ini memungkinkan Anda untuk mengenkripsi informasi sensitif yang tidak ingin Anda daftarkan seperti yang ada di Git.

Cara menggunakan Ansible Vault

Instalasi

Untuk menggunakan Ansible Vault, Anda perlu menginstal Ansible, yang dapat dengan mudah dilakukan dengan perintah brew pada Mac.

$ brew install ansible

encrypt

Anda dapat mengenkripsi file dengan perintah ansible-vault encrypt.

Misalkan Anda memiliki sample.txt berikut ini.

sample.txt
hello world

Enkripsi file ini. Jalankan perintah berikut. Anda akan diminta untuk memasukkan kata sandi saat menjalankannya.

$ ansible-vault encrypt sample.txt

New Vault password:
Confirm New Vault password:
Encryption successful

Anda dapat melihat bahwa sample.txt dienkripsi.

$ cat sample.txt

$ANSIBLE_VAULT;1.1;AES256
35346464303934323662376134353665626366656530306435343563613639356661303032613531
3538363133366661366132653661383763313564303435610a353037323661373237376565626163
38666534616566343862396233373138323466376332383334626637313365666332626165613263
3938343333313936360a393865313834326439613332316238383735663738363639626538623432
3039

view

Anda dapat menggunakan perintah ansible-vault view untuk melihat isi file terenkripsi.

File sample.txt dienkripsi sebagai berikut.

sample.txt
$ANSIBLE_VAULT;1.1;AES256
35346464303934323662376134353665626366656530306435343563613639356661303032613531
3538363133366661366132653661383763313564303435610a353037323661373237376565626163
38666534616566343862396233373138323466376332383334626637313365666332626165613263
3938343333313936360a393865313834326439613332316238383735663738363639626538623432
3039

Periksa isi file dengan perintah berikut.

$ ansible-vault view sample.txt
Vault password:

hello world

decrypt

Anda dapat mendekripsi file terenkripsi dengan perintah ansible-vault decrypt.

File sample.txt dienkripsi sebagai berikut.

sample.txt
$ANSIBLE_VAULT;1.1;AES256
35346464303934323662376134353665626366656530306435343563613639356661303032613531
3538363133366661366132653661383763313564303435610a353037323661373237376565626163
38666534616566343862396233373138323466376332383334626637313365666332626165613263
3938343333313936360a393865313834326439613332316238383735663738363639626538623432
3039

Dekripsi file dengan perintah berikut.

$ ansible-vault decrypt sample.txt

Vault password:
Decryption successful

Jika Anda memeriksa isi sample.txt, Anda akan melihat bahwa isinya telah didekripsi.

$ cat sample.txt

hello world

edit

Anda dapat mengedit file terenkripsi dengan perintah ansible-vault edit.

File sample.txt dienkripsi sebagai berikut.

sample.txt
$ANSIBLE_VAULT;1.1;AES256
35346464303934323662376134353665626366656530306435343563613639356661303032613531
3538363133366661366132653661383763313564303435610a353037323661373237376565626163
38666534616566343862396233373138323466376332383334626637313365666332626165613263
3938343333313936360a393865313834326439613332316238383735663738363639626538623432
3039

Edit file dengan perintah berikut.

$ ansible-vault edit sample.txt

Layar edit akan muncul sebagai berikut.

ansible-vault edit

Mari kita tambahkan hello world2. Untuk menyelesaikan pengeditan, ketik :wq dan tekan Enter.

ansible-vault edit2

sample.txt akan diperbarui sebagai berikut.

sample.txt
$ANSIBLE_VAULT;1.1;AES256
66643539663734313236383233323632396332386435343338643133316265633866356334373735
3434633866386133633337616366653831653130396237660a303362613461316666626534633039
31653665613166646431343761663030336432626237646439356435383263343863353562363535
6362336435386564620a633761366435653261636231303962376464343438333635306666316634
62656237363533613930366164643534613036376165626235306230396538313232

rekey

Anda dapat mengubah kata sandi enkripsi dengan perintah ansible-vault rekey.

$ ansible-vault rekey sample.txt

Vault password:
New Vault password:
Confirm New Vault password:
Rekey successful

encrypt_string

Perintah ansible-vault encrypt_string memungkinkan Anda untuk mengenkripsi hanya nilai tertentu dalam sebuah file.

Misalkan Anda memiliki file sample.yml berikut ini.

sample.yml
ansible_user: admin
ansible_password: Passw0rd

Jalankan perintah berikut untuk mengenkripsi Passw0rd pada file sample.yml.

$ ansible-vault encrypt_string 'Passw0rd' --name 'ansible_passowrd'

New Vault password:
Confirm New Vault password:
Encryption successful
ansible_passowrd: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          61666133633537333166386335396662623163636437346438353039323461346439343463663337
          3037633263366231316336313831356230656266646536380a303965613565336461313931386634
          30616131653230356666396239386561613166393730353261363963393465386338663733386231
          3663343932656539300a666234353464643632646661326339653438613631303338363530653166
          3563

Pada saat ini, tidak ada yang berubah pada sample.yml. Ganti secara manual Passw0rd di sample.yml sebagai berikut.

sample.yml
$ cat sample.yml
ansible_user: admin
ansible_passowrd: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          61666133633537333166386335396662623163636437346438353039323461346439343463663337
          3037633263366231316336313831356230656266646536380a303965613565336461313931386634
          30616131653230356666396239386561613166393730353261363963393465386338663733386231
          3663343932656539300a666234353464643632646661326339653438613631303338363530653166
          3563

Anda dapat mendekripsi nilai dengan menjalankan perintah berikut.

$ echo '$ANSIBLE_VAULT;1.1;AES256
61666133633537333166386335396662623163636437346438353039323461346439343463663337
3037633263366231316336313831356230656266646536380a303965613565336461313931386634
30616131653230356666396239386561613166393730353261363963393465386338663733386231
3663343932656539300a666234353464643632646661326339653438613631303338363530653166
3563' | ansible-vault decrypt

Vault password:
Decryption successful
Passw0rd

--vault-password-file

Anda dapat menentukan file kata sandi dengan opsi --vault-password-file.

Misalkan Anda memiliki pw_file berikut ini.

pw_file
mypassword

You can encrypt sample.txt by specifying pw_file as the password file with the following command.

$ ansible-vault encrypt --vault-password-file pw_file sample.txt

--vault-id

Ansible Vault memungkinkan beberapa kata sandi.

Opsi --vault-id label@source menentukan pengenal Vault dan berkas kata sandi. Sebagai contoh, perintahnya akan terlihat seperti ini.

$ ansible-vault encrypt --vault-id password1@pw_file sample.txt

--output

Opsi --output memungkinkan Anda menentukan tujuan output untuk file yang dihasilkan.

$ ansible-vault encrypt --output dir/sample.txt.vault sample.txt

$ ansible-vault decrypt --output sample.txt dir/sample.txt.vault

Referensi

https://docs.ansible.com/ansible/latest/vault_guide/index.html

Ekspresi matematika di LaTeX

direnv

AlloyDB
AlloyDB
Amazon Cognito
Amazon Cognito
Amazon EC2
Amazon EC2
Amazon ECS
Amazon ECS
Amazon QuickSight
Amazon QuickSight
Amazon RDS
Amazon RDS
Amazon Redshift
Amazon Redshift
Amazon S3
Amazon S3
API
API
Autonomous Vehicle
Autonomous Vehicle
AWS
AWS
AWS API Gateway
AWS API Gateway
AWS Chalice
AWS Chalice
AWS Control Tower
AWS Control Tower
AWS IAM
AWS IAM
AWS Lambda
AWS Lambda
AWS VPC
AWS VPC
BERT
BERT
BigQuery
BigQuery
Causal Inference
Causal Inference
ChatGPT
ChatGPT
Chrome Extension
Chrome Extension
CircleCI
CircleCI
Classification
Classification
Cloud Functions
Cloud Functions
Cloud IAM
Cloud IAM
Cloud Run
Cloud Run
Cloud Storage
Cloud Storage
Clustering
Clustering
CSS
CSS
Data Engineering
Data Engineering
Data Modeling
Data Modeling
Database
Database
dbt
dbt
Decision Tree
Decision Tree
Deep Learning
Deep Learning
Descriptive Statistics
Descriptive Statistics
Differential Equation
Differential Equation
Dimensionality Reduction
Dimensionality Reduction
Discrete Choice Model
Discrete Choice Model
Docker
Docker
Economics
Economics
FastAPI
FastAPI
Firebase
Firebase
GIS
GIS
git
git
GitHub
GitHub
GitHub Actions
GitHub Actions
Google
Google
Google Cloud
Google Cloud
Google Search Console
Google Search Console
Hugging Face
Hugging Face
Hypothesis Testing
Hypothesis Testing
Inferential Statistics
Inferential Statistics
Interval Estimation
Interval Estimation
JavaScript
JavaScript
Jinja
Jinja
Kedro
Kedro
Kubernetes
Kubernetes
LightGBM
LightGBM
Linux
Linux
LLM
LLM
Mac
Mac
Machine Learning
Machine Learning
Macroeconomics
Macroeconomics
Marketing
Marketing
Mathematical Model
Mathematical Model
Meltano
Meltano
MLflow
MLflow
MLOps
MLOps
MySQL
MySQL
NextJS
NextJS
NLP
NLP
Nodejs
Nodejs
NoSQL
NoSQL
ONNX
ONNX
OpenAI
OpenAI
Optimization Problem
Optimization Problem
Optuna
Optuna
Pandas
Pandas
Pinecone
Pinecone
PostGIS
PostGIS
PostgreSQL
PostgreSQL
Probability Distribution
Probability Distribution
Product
Product
Project
Project
Psychology
Psychology
Python
Python
PyTorch
PyTorch
QGIS
QGIS
R
R
ReactJS
ReactJS
Regression
Regression
Rideshare
Rideshare
SEO
SEO
Singer
Singer
sklearn
sklearn
Slack
Slack
Snowflake
Snowflake
Software Development
Software Development
SQL
SQL
Statistical Model
Statistical Model
Statistics
Statistics
Streamlit
Streamlit
Tabular
Tabular
Tailwind CSS
Tailwind CSS
TensorFlow
TensorFlow
Terraform
Terraform
Transportation
Transportation
TypeScript
TypeScript
Urban Planning
Urban Planning
Vector Database
Vector Database
Vertex AI
Vertex AI
VSCode
VSCode
XGBoost
XGBoost

Ryusei Kakujo

researchgatelinkedingithub

Focusing on data science for mobility

Bench Press 100kg!