Working with Confidential Data in Ansible

Hands-On Lab

 

Stosh Oldham

Course Development Director in Content

Length

00:30:00

Difficulty

Intermediate

The Red Hat Certified Ansible Specialist Exam (EX407) requires an understanding of working with confidential data within Ansible. This hands-on lab goes over how to use the ansible-vault command to encrypt sensitive files as vault files and how to work with those vault files in an Ansible playbook. The exercise assumes basic proficiency with several common Ansible modules and general Ansible playbook use. Upon completing the lab, you will have an improved understanding of ansible-vault and vault files.

Solution

Log in to the Ansible Control Node via SSH:

    ssh cloud_user@<PUBLIC IP>

Become root:

    sudo su

Encrypt /home/ansible/secret

  1. Encrypt the file:

    ansible-vault encrypt /home/ansible/secret
  2. When prompted, give it an easy-to-remember new vault password, since we'll need it again later.

Create a Vault Password File

  1. Configure a vault password file named /home/ansible/vault to be used to run the Ansible playbook (replacing <YOUR VAULT PASSWORD> with the one you just created):

    echo "<YOUR VAULT PASSWORD>" > /home/ansible/vault

Run the Playbook

  1. Run the playbook /home/ansible/secPage.yml using your vault password file to validate your work:

    ansible-playbook --vault-password-file /home/ansible/vault /home/ansible/secPage.yml

Verify the Secure Page Deployed Correctly

  1. In the terminal, enter:

    curl -u bond http://node1/secure/classified.html
  2. When prompted for the password, enter james.

    The command should return the contents of classified.html regarding the weather in a certain city.
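
The `echo` step above records the vault password in the shell's history and creates /home/ansible/vault with whatever permissions the current umask allows. The following is an added example, not part of the original lab: shell helpers (the function names are assumptions) that write the password file from a prompt with owner-only permissions and check that a file carries the ansible-vault header before the playbook is run.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the lab.
# Usage with the lab's paths:
#   write_vault_password_file /home/ansible/vault
#   is_private_file /home/ansible/vault && is_vault_encrypted /home/ansible/secret

# Write a vault password file without putting the password on the command
# line, so it never lands in shell history. Reads one line from stdin.
write_vault_password_file() {
    path=$1
    if [ -t 0 ]; then
        printf 'Vault password: ' >&2
        stty -echo                      # do not echo the password to the terminal
    fi
    IFS= read -r pw || true
    if [ -t 0 ]; then stty echo; printf '\n' >&2; fi
    [ -n "$pw" ] || { echo "empty password" >&2; return 1; }
    ( umask 077; printf '%s\n' "$pw" > "$path" ) || return 1
    chmod 600 "$path"                   # tighten a pre-existing file as well
    unset pw
}

# Succeeds only if the file has no group/other permission bits set.
is_private_file() {
    perms=$(ls -ld "$1" | cut -c5-10)   # group+other part of e.g. -rw-------
    [ "$perms" = "------" ]
}

# Succeeds only if the first line is an ansible-vault envelope header,
# e.g. $ANSIBLE_VAULT;1.1;AES256. A plaintext file fails the check.
is_vault_encrypted() {
    first=
    IFS= read -r first < "$1" || true
    case $first in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}
```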

Conclusion

Congratulations on successfully completing this hands-on lab!