Encrypting Secrets with Ansible

May 29, 2017


I'm seeing more people use Ansible as their deployment and configuration management tool. A while back, Ansible added a way to encrypt playbooks so that they can't be read while they are stored. This is important if you have passwords incorporated into variables, or maybe even proprietary code, in your playbooks.

With your playbook encrypted, its contents are protected from anyone who doesn't have a need to know. And in the event of a hack where the hacker gets your playbooks, they won't have all of your secrets.

Ansible makes this very simple by using the ansible-vault command to create, view, and edit an encrypted playbook.

The password that encrypts the playbook can be supplied at runtime in a couple of different ways.
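
As an added example (not from the original post), the wrapper below picks between two of those ways, a password file or an interactive prompt, and refuses to run while a secrets file is still plaintext. The file names (site.yml, ~/.vault_pass, group_vars/prod/vault.yml) and the function names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example; group_vars/prod/vault.yml, site.yml and ~/.vault_pass are hypothetical names.
#
# Day-to-day commands (each prompts for the vault password):
#   ansible-vault create group_vars/prod/vault.yml
#   ansible-vault view   group_vars/prod/vault.yml
#   ansible-vault edit   group_vars/prod/vault.yml

# Succeeds if the file's first line is an ansible-vault header,
# e.g. "$ANSIBLE_VAULT;1.1;AES256".
is_vault_encrypted() {
    case "$(head -n 1 "$1" 2>/dev/null)" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the ansible-playbook option that supplies the vault password:
# the password file if it exists and group/other have no access to it,
# otherwise the interactive prompt.
vault_password_option() {
    pw_file=$1
    if [ -f "$pw_file" ] && [ "$(ls -ld "$pw_file" | cut -c5-10)" = "------" ]; then
        printf '%s\n' "--vault-password-file=$pw_file"
    else
        printf '%s\n' "--ask-vault-pass"
    fi
}

# Runs a playbook, refusing while any listed secrets file is still plaintext.
# usage: run_playbook PLAYBOOK PASSWORD_FILE SECRETS_FILE...
run_playbook() {
    playbook=$1 pw_file=$2
    shift 2
    for secrets_file in "$@"; do
        if ! is_vault_encrypted "$secrets_file"; then
            echo "refusing to run: $secrets_file is not vault-encrypted" >&2
            echo "encrypt it with: ansible-vault encrypt $secrets_file" >&2
            return 1
        fi
    done
    ansible-playbook "$playbook" "$(vault_password_option "$pw_file")"
}

# Example: run_playbook site.yml ~/.vault_pass group_vars/prod/vault.yml
```

Keep the password file out of version control; the permission check only guards against other local users reading it.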

See the full documentation for examples and keep your code secure.