article thumbnail image
Published 2023. 1. 10. 17:54

[Ansible] ansible-vault 사용법, ansible 암호화

IT/Ansible

Ansible-vault?

Ansible Vault는 패스워드, 키와 같은 보안에 민감한 파일들을 암복호화해주는 기능으로 ansible이 설치되면 vault도 함께 설치가 된다.
Ansbile에서 사용하는 모든 구조화된 데이터 파일을 암호화 할수 있는 기능이다.

[admin@master ansible]$ ansible-vault --help
usage: ansible-vault [-h] [--version] [-v]
                     {create,decrypt,edit,view,encrypt,encrypt_string,rekey}
                     ...

encryption/decryption utility for Ansible data files

positional arguments:
  {create,decrypt,edit,view,encrypt,encrypt_string,rekey}
    create              Create new vault encrypted file
    decrypt             Decrypt vault encrypted file
    edit                Edit vault encrypted file
    view                View vault encrypted file
    encrypt             Encrypt YAML file
    encrypt_string      Encrypt a string
    rekey               Re-key a vault encrypted file

optional arguments:
  --version             show program's version number, config file location,
                        configured module search path, module location,
                        executable location and exit
  -h, --help            show this help message and exit
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                        connection debugging)

See 'ansible-vault <command> --help' for more information on a specific
command.

암호화 전 원본 파일 확인

[admin@master ansible]$ cat nginx_install.yml
---
- name: Install nginx on linux
  hosts: node3
  gather_facts: no

  tasks:
    - name: install epel-release
      yum: name=epel-release state=latest
    - name: install nginx web server
      yum: name=nginx state=present
    - name: upload default index.html for web server
      get_url: url=https://www.nginx.com dest=/usr/share/nginx/html/ mode=0644
    - name: start nginx web server
      service: name=nginx state=started

파일 암호화

ansible-vault encrypt <file name>
[admin@master ansible]$ sudo ansible-vault encrypt nginx_install.yml
New Vault password:
Confirm New Vault password:
Encryption successful

 

암호화된 걸 확인할 수 있다

 

암호화된 내용 보기

ansible-vault view <file name>

 

암호화 파일 수정

ansible-vault edit <file name>

 

 

암호화 해제

ansible-vault decrypt <file name>

저작자표시

'IT > Ansible' 카테고리의 다른 글

[Ansible] 플레이북  (0) 2023.01.10
[Ansible] 데브옵스와 앤서블의 특징  (0) 2023.01.05
복사했습니다!

티스토리툴바