I am doing Network Automation where we have different flavours of devices 
like Netscaler, Cisco, Juniper, Fortigate etc. 
This is DevOps at its best where we will put host details like IPs, user 
name and password into the inventory file on the ansible machine and then 
create playbooks to carry out use cases like updating SSL certificates on all 
devices, rolling updates etc. 

I need help on designing how to save and secure sensitive details w.r.t. 
host machines like user names and passwords.
Currently I am encrypting the inventory file with ansible-vault using the 
--ask-vault-pass and --vault-password-file options but both of them fail 
when I run playbooks with Nitro APIs 
with error as:
 localhost]: FAILED! => {"changed": false, "msg": "nitro exception during 
login. errorcode=354, message=Invalid username or password"}

Basically it does not accept the encrypted password; the same playbook works when I 
try an unencrypted host file. 

The second problem is, let's assume it works, then I have this vault-password 
file with plain text, so how do I push it to HashiCorp Vault? I am planning to 
use the vault write command to save this vault password file to a path and then 
use lookup modules to read the secret. 

Is it justified to have two vaults to save passwords or should I straight 
away save my inventory file in HashiCorp Vault and run the ansible-playbook 
command pointing to that inventory? Glad if someone can share code or 
command snippets to explain.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Development" group.
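
An added example, not part of the original post: ansible-playbook accepts an executable file for --vault-password-file and uses what it prints on stdout as the vault password, so that password can be read from HashiCorp Vault at run time instead of sitting in a plain-text file. The KV v2 mount `secret`, the path `ansible/vault-pass` and the field `password` are assumptions, and `VAULT_ADDR` and `VAULT_TOKEN` are taken from the environment.

```python
#!/usr/bin/env python3
"""Print the ansible-vault password, fetched from HashiCorp Vault (KV v2).

Usage: ansible-playbook site.yml --vault-password-file ./vault_pass.py
"""
import json
import os
import sys
import urllib.request

MOUNT = "secret"                    # assumed KV v2 mount
SECRET_PATH = "ansible/vault-pass"  # assumed secret path
FIELD = "password"                  # assumed field name


def kv2_url(addr, mount, path):
    """KV v2 reads go through <mount>/data/<path> on the HTTP API."""
    return "{}/v1/{}/data/{}".format(
        addr.rstrip("/"), mount.strip("/"), path.strip("/"))


def extract_field(body, field):
    """Pull one field out of a KV v2 read response; fail closed if absent."""
    try:
        value = json.loads(body)["data"]["data"][field]
    except (ValueError, KeyError, TypeError) as exc:
        raise LookupError("field {!r} not in Vault response".format(field)) from exc
    if not isinstance(value, str) or not value:
        raise LookupError("field {!r} is empty or not a string".format(field))
    return value


def fetch_password(env=os.environ, opener=urllib.request.urlopen):
    """Read the secret with the caller's token; opener is injectable for tests."""
    req = urllib.request.Request(
        kv2_url(env["VAULT_ADDR"], MOUNT, SECRET_PATH),
        headers={"X-Vault-Token": env["VAULT_TOKEN"]},
    )
    with opener(req, timeout=10) as resp:
        return extract_field(resp.read(), FIELD)


if __name__ == "__main__":
    try:
        sys.stdout.write(fetch_password() + "\n")
    except Exception as exc:  # report the failure without echoing token or secret
        sys.stderr.write("vault password lookup failed: {}\n".format(exc))
        sys.exit(1)
```

The file has to be marked executable (`chmod +x vault_pass.py`); otherwise Ansible reads its contents as the password instead of running it.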