Managing sensitive data with Ansible vault
Introduction
About me and our company
About Me
About Us
What we offer
• Linux & AIX consulting with DevOps experience
• Infrastructure Automation
• official Ansible Partner
• consulting & training for Ansible, Python & git
Ansible Vault
getting started
What is Ansible vault
Vault is a feature of Ansible that allows keeping sensitive data such as passwords or keys in encrypted files, rather than as plaintext in your playbooks or roles.
Tech Specs
• Binary included in the Ansible core package
• Encrypted with the AES-256 algorithm
• Decrypted at runtime
• Limitation: one Vault password per Ansible playbook
getting started
ansible-vault <option>
  create    Create new encrypted file
  encrypt   Encrypt existing file
  edit      Edit encrypted file
  rekey     Change encryption password
  view      View encrypted file
How to use it
1. Create an ansible-vault variable file
2. Use it in your Ansible project
3. Run ansible / ansible-playbook with
  • the --ask-vault-pass option
  • or a defined password file
    ‣ vault_password_file path in ansible.cfg
    ‣ the --vault-password-file option
    ‣ the environment variable ANSIBLE_VAULT_PASSWORD_FILE
What can be encrypted
• encrypt YAML files
  ‣ e.g. group_vars
  ‣ e.g. host_vars
• since Ansible v2.3: single encrypted variables
  ‣ use the !vault tag
What should be encrypted
• sensitive data for automated deployments
‣ SSL private keys
‣ SSH private keys
‣ secrets / credentials
Tips & Tricks
make your life easier
Define your variables
• layer of indirection
• prefix your variables vault_<variablename>
• save variables into vault files or directories
  ‣ implicit: group_vars/dev/vault.yml, group_vars/prod/vault.yml
  vs
  ‣ explicit: vault_vars/dev.yml, vault_vars/prod.yml
Best Practices
• set "no_log: true" per task
• use different passwords per environment
• only encrypt sensitive data
• use a strong encryption password
• always use a private git repo / restrict access
Are we safe now?
• technically, it could still be compromised
• what is pushed to git stays in git
• secure your password file
  ‣ owner & file permissions
  ‣ outside the git repo / .gitignore
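An added example (not from the slides): a repository check in Python for the points above and for the vault file layout under "Define your variables". It flags files that the vault.yml / vault_vars naming convention marks as vaults but that lack the `$ANSIBLE_VAULT;` header, and a password file with loose permissions, a different owner, or a location inside the repo. The sample tree, the `.vault_pass` name and all function names are constructed for illustration; flagging every in-repo password file is a stricter assumption than the slide's .gitignore option.

```python
import os
import stat
import tempfile
VAULT_HEADER = b"$ANSIBLE_VAULT;"  # prefix ansible-vault writes to encrypted files

def is_vault_encrypted(path):
    with open(path, "rb") as fh:
        return fh.read(len(VAULT_HEADER)) == VAULT_HEADER

def plaintext_vault_files(root):
    """Files named vault.yml or under vault_vars/ that lack the vault header."""
    hits = []
    for base, _dirs, files in os.walk(root):
        for name in files:
            marked = name == "vault.yml" or os.path.basename(base) == "vault_vars"
            path = os.path.join(base, name)
            if marked and not is_vault_encrypted(path):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def password_file_problems(pw_file, repo_root):
    problems = []
    st = os.stat(pw_file)
    if stat.S_IMODE(st.st_mode) & 0o077:      # any group/other bit set
        problems.append("readable by group or others")
    if st.st_uid != os.getuid():
        problems.append("not owned by the current user")
    repo = os.path.realpath(repo_root)
    if os.path.commonpath([repo, os.path.realpath(pw_file)]) == repo:
        problems.append("stored inside the repository")  # assumption: stricter than .gitignore
    return problems

def demo():
    """Constructed sample tree: one encrypted vault, one forgotten plaintext one."""
    repo = tempfile.mkdtemp()
    samples = {  # all values below are constructed for this example
        "group_vars/dev/vault.yml": b"$ANSIBLE_VAULT;1.1;AES256\n<ciphertext>\n",
        "group_vars/prod/vault.yml": b"vault_db_password: example\n",
        "group_vars/prod/vars.yml": b"db_password: '{{ vault_db_password }}'\n",
        ".vault_pass": b"example-password\n",
    }
    for rel, data in samples.items():
        path = os.path.join(repo, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    pw_file = os.path.join(repo, ".vault_pass")
    os.chmod(pw_file, 0o644)  # deliberately too open
    return plaintext_vault_files(repo), password_file_problems(pw_file, repo)
```

Calling `plaintext_vault_files(".")` from a pre-commit hook and failing on a non-empty result stops an unencrypted vault file before it reaches git history.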
Demo
managing SSL private keys
use case
managing database credentials
use case
single encrypted variable
short demo
confirm IT solutions

Rathausstrasse 14

6340 Baar
The End
Thank you for listening
pstauffer8 confirm.ch
blog.confirm.ch
pstauffer
https://www.xing.com/profile/Pascal_Stauffer
https://www.linkedin.com/in/pascal-stauffer-5030775b
Source
• http://docs.ansible.com/ansible/playbooks_best_practices.html#variables-and-vaults
• https://blog.confirm.ch/deploying-ssl-private-keys-with-ansible
• http://docs.ansible.com/ansible/playbooks_vault.html
• http://docs.ansible.com/ansible/playbooks_vault.html#single-encrypted-variable
