Easy migration to Ansible Vault id
To keep all our tokens secure, we use Ansible Vault to encrypt them. Historically, all files with secrets were encrypted with a single password instead of a vault id and password file. This week we decided to migrate to vault ids.
All files encrypted with a password and without a vault id specified will have the header $ANSIBLE_VAULT;1.1;AES256. We can use grep to find all files with this header. To do that, run:
grep "\$ANSIBLE_VAULT;1.1;AES256" group_vars/**/*.yml
Now we have a list of files that looks like this:
group_vars/staging/amazon.yml:$ANSIBLE_VAULT;1.1;AES256
group_vars/staging/db.yml:$ANSIBLE_VAULT;1.1;AES256
group_vars/staging/docker_registry.yml:$ANSIBLE_VAULT;1.1;AES256
....
grep prints the matched line after each file name, separated by a colon. We can use the cut command to remove this part, since we only need the file names: cut -d: -f1 will leave only the file name.
And finally, we can use xargs to pass the file list to the ansible-vault rekey command to convert all encrypted files to encrypted files with a vault id.
The full command will look like this:
grep "\$ANSIBLE_VAULT;1.1;AES256" group_vars/**/*.yml | cut -d: -f1 | xargs ansible-vault rekey --new-vault-id vaultID@vaultfile
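A way to audit the migration before and after the rekey, as an added example that is not part of the original post. It uses find because group_vars/**/*.yml only recurses when bash's globstar option is on, and it checks for the 1.2 header that Ansible writes when a vault id is set. The function names and the sample tree are hypothetical; vaultID is the id from the command above.

```shell
#!/usr/bin/env bash
# Added example: audit vault headers before and after the rekey.
# 1.1 header = no vault id; 1.2 header carries the vault id as a 4th field.
LEGACY_HEADER='$ANSIBLE_VAULT;1.1;AES256'

# Print every *.yml under $1 whose first line is exactly the legacy header.
# find recurses to any depth, independent of the shell's globstar setting.
list_legacy() {
    find "$1" -type f -name '*.yml' | sort | while IFS= read -r f; do
        if [ "$(head -n 1 "$f")" = "$LEGACY_HEADER" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Print every vault-encrypted *.yml under $1 not labelled with vault id $2.
# Run after the rekey: empty output means every file was migrated.
list_unmigrated() {
    find "$1" -type f -name '*.yml' | sort | while IFS= read -r f; do
        first=$(head -n 1 "$f")
        case $first in
            '$ANSIBLE_VAULT;'*)
                if [ "$first" != "\$ANSIBLE_VAULT;1.2;AES256;$2" ]; then
                    printf '%s\n' "$f"
                fi ;;
        esac
    done
}

# Build a constructed sample tree (headers plus dummy body, no real secrets).
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/group_vars/staging/nested" "$root/group_vars/prod"
    printf '%s\n' "$LEGACY_HEADER" '6162' > "$root/group_vars/staging/db.yml"
    printf '%s\n' "$LEGACY_HEADER" '6162' > "$root/group_vars/staging/nested/deep.yml"
    printf '%s\n' '$ANSIBLE_VAULT;1.2;AES256;vaultID' '6162' > "$root/group_vars/prod/db.yml"
    printf '%s\n' 'region: example' > "$root/group_vars/prod/plain.yml"
    printf '%s\n' "$root"
}

# Usage: ./audit.sh <dir> <vault-id>
if [ "$#" -eq 2 ]; then
    echo "legacy:";     list_legacy "$1"
    echo "unmigrated:"; list_unmigrated "$1" "$2"
fi
```

Running list_unmigrated after the rekey catches files the one-level glob missed, as well as files labelled with a different vault id.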
Original Link: https://dev.to/alphab/easy-migration-to-ansible-vault-id-43ap