35 lines
645 B
Markdown
35 lines
645 B
Markdown
### Ansible Vault usage
|
|
|
|
````markdown
|
|
# Using Ansible Vault for secrets
|
|
|
|
- Create vault file (only once):
|
|
```bash
|
|
ansible-vault create group_vars/proxmox/vault.yml
|
|
````
|
|
|
|
* Edit vault file:
|
|
|
|
```bash
|
|
ansible-vault edit group_vars/proxmox/vault.yml
|
|
```
|
|
|
|
* Vault file supports nested YAML structures.
|
|
|
|
* Run playbooks with vault password prompt:
|
|
|
|
```bash
|
|
ansible-playbook bootstrap.yml --ask-vault-pass
|
|
```
|
|
|
|
* Or provide a password file:
|
|
|
|
```bash
|
|
ansible-playbook bootstrap.yml --vault-password-file ~/.vault_pass.txt
|
|
```
|
|
|
|
* Access secrets in playbooks as normal variables, e.g.:
|
|
|
|
```yaml
|
|
{{ proxmox.root_password }}
|
|
```
|