In the last few posts, I've talked about using Ansible for configuring servers and local environments. In both cases, you're likely to have some sensitive or secret values. These could be database credentials within your application and on your server, and your SSH private keys within your local environment.
Rather than committing these to a code repository in plain text, Ansible includes the ansible-vault command to encrypt values.
To see this working, run ansible-vault encrypt_string my-secret-password, enter a password, and then you should see something like this:
This is the encrypted version of that password, and this could be committed and pushed to a code repository.
You can use it within a playbook, and you'll be prompted to re-enter the password so that Ansible can decrypt and use it.
Rather than a single string, you could have a file of variables that you want to encrypt. You can do this by running ansible-vault encrypt vault.yml and then including the file as before. Again, you'll be prompted by Ansible so that it can decrypt and use the values.
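A check to run before committing, as an added example that is not from the original post: it flags secret-looking variables in a vars file that are neither inside a file encrypted with ansible-vault encrypt nor tagged !vault, which is how encrypt_string output is marked. The variable-name pattern, the function names and the sample file contents are assumptions constructed for illustration.

```python
import re

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first line of every ansible-vault payload
# Assumption: variable names matching this pattern hold secrets.
SECRET_NAME = re.compile(r"password|secret|token|private_key", re.I)
ASSIGNMENT = re.compile(r"^\s*([A-Za-z_]\w*)\s*:\s*(.*)$")

# Constructed sample files; <ciphertext> stands in for real vault output.
PLAIN_VARS = "db_user: app\ndb_password: my-secret-password\n"
INLINE_VARS = ("db_user: app\n"
               "db_password: !vault |\n"
               "  $ANSIBLE_VAULT;1.1;AES256\n"
               "  <ciphertext>\n")
ENCRYPTED_FILE = "$ANSIBLE_VAULT;1.1;AES256\n<ciphertext>\n"
REFERENCE_VARS = 'db_password: "{{ vault_db_password }}"\n'


def is_encrypted_file(text):
    """True if the whole file went through `ansible-vault encrypt`."""
    return text.lstrip().startswith(VAULT_HEADER)


def plaintext_secrets(text):
    """Names of secret-looking variables stored as plain-text scalars."""
    if is_encrypted_file(text):
        return []
    findings = []
    for line in text.splitlines():
        match = ASSIGNMENT.match(line)
        if not match or not SECRET_NAME.search(match.group(1)):
            continue
        name, value = match.group(1), match.group(2).strip()
        # Skip nested mappings, encrypt_string output, and Jinja references
        # that point at a variable kept in an encrypted file.
        if not value or value.startswith("!vault") or "{{" in value:
            continue
        findings.append(name)
    return findings


if __name__ == "__main__":
    samples = {"plain": PLAIN_VARS, "inline": INLINE_VARS,
               "encrypted": ENCRYPTED_FILE, "reference": REFERENCE_VARS}
    for label, text in samples.items():
        print(label, plaintext_secrets(text) or "ok")
```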
I'm an Acquia-certified Drupal Triple Expert with 18 years of experience, an open-source software maintainer and Drupal core contributor, public speaker, live streamer, and host of the Beyond Blocks podcast.