Use an SSH key then no password is needed.
Or create a separate vars file P_vars or something
and have p_ansible_ssh_pass=yourpassword
encrypt that file with ansible vault
then reference that in your all:vars
ansible_ssh_pass={{ p_ansible_ssh_pass }}
you can then see the file and non secure vars without having to un-encrypt the
vault but can see that a password stored in vault is used and what it’s name is.
you then have the problem the ansible vault password is needed every time you
run your playbook / add hoc commands but you can include a reference to that in
your .ansible.cfg and have it reference somewhere on your machine that isn’t
included in your source control and protected to only be ready by your user.
From: [email protected] <[email protected]> On
Behalf Of Todd Lewis
Sent: Thursday, December 14, 2023 11:32 PM
To: Ansible Project <[email protected]>
Subject: [ansible-project] Re: how to encrypt ssh_pass password without asking
any more password
Caution: This email originated from outside of the organisation. Do not click
links or open attachments unless you recognise the sender and know the content
is safe
According to the conversation at
https://forum.ansible.com/t/ansible-inventory-as-json-and-inline-vaulted-data-does-not-work-works-with-yaml-inventory/2909
true .yaml inventories permit vaulted values, so that should work for your
requirements.
You'll need to convert your inventory from .ini format to .yml, and vault your
password with "ansible-vault encrypt_string…",
On Thursday, December 14, 2023 at 2:41:41 AM UTC-5 Sameer Modak wrote:
Hello Team,
how to encrypt ssh_pass password without asking any more password. I dont want
to type password everytime i run the ad hoc command like
ansible -i hosts.yaml -m shell -a "ulimit -a". I dont want to put the
password everytime i just want to hide or obscure or salt the below password
hosts.yaml has below all:vars
[all:vars]
ansible_ssh_common_args='-o StrictHostKeyChecking=no'
ansible_connection=ssh
ansible_port=22
ansible_user=sam
ansible_ssh_pass=abc@123
Now i want to hide ansible_ssh_pass variable or encrypt/salt this value thats
it .
how do i do that. I m ok even if i store that in plaintext and reference here .
im fine evenits base64 just should not be in plain in hosts.yaml.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
[email protected]<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/b4abdd48-0506-492c-9930-d7c2d2b86402n%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/b4abdd48-0506-492c-9930-d7c2d2b86402n%40googlegroups.com?utm_medium=email&utm_source=footer>.
---------------
[https://www.zen.co.uk/resources/images/default-source/image-library/icons/zen-logo_meeting.png]
Stuart Lowe He/Him
Senior Cloud Support Engineer
Zen Internet
Team: 01706 902009
www.zen.co.uk
<https://www.zen.co.uk/>
Proud to be a certified B Corporation
[https://www.zen.co.uk/resources/images/default-source/image-library/which232221-stacked-emailsig.tmb-0.png]
This message is private and confidential. If you have received this message in
error, please notify us and remove it from your system.
Zen Internet Limited may monitor email traffic data to manage billing, to
handle customer enquiries, and for the prevention and detection of fraud. We
may also monitor the content of emails sent to and/or from Zen Internet Limited
for the purposes of security, staff training and to monitor the quality of
service.
Zen Internet Limited is registered in England and Wales, Sandbrook Park,
Sandbrook Way, Rochdale, OL11 1RY Company No. 03101568 VAT Reg No. 686 0495 01
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/PA4PR01MB89947E9A3AFF325799D1C5BAA893A%40PA4PR01MB8994.eurprd01.prod.exchangelabs.com.
