There's lots you can do, but it's up to you what is an appropriate level of risk.
Using vault to encrypt all credentials for connecting to your hosts and not storing your vault password on disk would help. You could keep your Ansible configuration in source control and build a new Ansible controller virtual machine whenever you needed to do a deployment if you wanted to, although that would be a pain if you do lots of production deployments. I am no expert, but well-managed secrets, removing weak crypto and keeping systems patched go a long way towards getting a full night's sleep.

Jon
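
A way to check a repository against the two points in the message above (connection credentials encrypted with vault, no vault password kept on disk), as an added example that is not part of the original post. The sample inventory, vars file, ansible.cfg and all values in them are constructed for illustration.

```python
import configparser
import re

# Connection-credential variables that should only appear vault-encrypted.
SECRET_VARS = ("ansible_password", "ansible_ssh_pass",
               "ansible_become_pass", "ansible_become_password")
PATTERN = re.compile(r"\b(%s)\b\s*[:=]\s*(\S*)" % "|".join(SECRET_VARS))

# Constructed sample files (not from any real deployment).
SAMPLE_INVENTORY = """\
[web]
web1 ansible_host=192.0.2.10 ansible_password=Summer2024
web2 ansible_host=192.0.2.11
"""
SAMPLE_GROUP_VARS = """\
ansible_become_pass: "{{ vault_become_pass }}"
ansible_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  (ciphertext omitted)
ansible_ssh_pass: hunter2
"""
SAMPLE_CFG = """\
[defaults]
inventory = ./hosts
vault_password_file = ~/.vault_pass.txt
"""

def plaintext_secrets(text):
    """Return (line_number, variable) pairs for credentials stored in the clear."""
    if text.lstrip().startswith("$ANSIBLE_VAULT;"):
        return []  # whole file is vault-encrypted
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        for name, value in PATTERN.findall(line):
            value = value.strip("\"'")
            # Inline "!vault" values and "{{ ... }}" references to a vaulted
            # variable are fine; an empty value carries no secret.
            if value and not value.startswith(("!vault", "{{")):
                findings.append((number, name))
    return findings

def vault_password_on_disk(cfg_text):
    """Return the vault_password_file path set in ansible.cfg, or None."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    return parser.get("defaults", "vault_password_file", fallback=None)

if __name__ == "__main__":
    print(plaintext_secrets(SAMPLE_INVENTORY), plaintext_secrets(SAMPLE_GROUP_VARS))
    print(vault_password_on_disk(SAMPLE_CFG))
```

A path reported by vault_password_on_disk still needs a manual look: Ansible also accepts an executable client script there, which can fetch the password from a keyring instead of holding it in a file.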
