如何使用ansible vault上传加密文件?

任何人都有使用ansible-vault解密和上传文件的示例。

我正在考虑保持我的SSL证书加密源代码控制。

看起来像下面应该工作。

---
  - name: upload ssl crt
    copy: src=../../vault/encrypted.crt dest=/usr/local/etc/ssl/domain.crt
这不会工作。你会得到的是你的encrypted.crt(与Ansible Vault)上传字面上的domain.crt

您需要做的是使您的剧本是“保险库”的一部分,并添加一个包含您的证书内容的变量。这样的东西:

---
- name: My cool playbook
  hosts: all

  vars:
    mycert: |
       aasfasdfasfas
       sdafasdfasdfasdfsa
       asfasfasfddasfasdfa


  tasks:
    # Apparently this causes new lines on newer ansible versions
    # - name: Put uncrypted cert in a file
    #   shell: echo '{{ mycert }}' > mydecrypted.pem

    # You can try this as per
    # https://github.com/ansible/ansible/issues/9172
    - copy:
      content: "{{ mycert }}"
      dest: /mydecrypted.pem

    - name: Upload Cert
      copy: src=/home/ubuntu/mydecrypted.pem dest=/home/ubuntu/mydecrypteddest.pem

    - name: Delete decrypted cert
      file: path=/home/ubuntu/mydecrypted.pem state=absent

您可以选择使用Ansible Vault将mycert变量放在单独的变量文件中。

The copy module has been updated in Ansible 2.1. From the changelog:
“copy module can now transparently use a vaulted file as source, if
vault passwords were provided it will decrypt and copy on the fly.”
Noting it here, since some people will inevitably not look past the
accepted answer. – JK Laiho

http://stackoverflow.com/questions/22773294/how-to-upload-encrypted-file-using-ansible-vault

本站文章除注明转载外,均为本站原创或编译
转载请明显位置注明出处:如何使用ansible vault上传加密文件?