How to upload encrypted file using ansible vault?


Question

Does anyone have an example of decrypting and uploading a file using ansible-vault?

I am thinking about keeping my SSL certificates encrypted in source control.

It seems something like the following should work.

---
  - name: upload ssl crt
    copy: src=../../vault/encrypted.crt dest=/usr/local/etc/ssl/domain.crt

Recommended answer

Update: deprecated as of 2016, Ansible 2.1

On any Ansible version prior to 2.1:

That's not going to work. What you will get is your encrypted.crt (with Ansible Vault) uploaded literally as domain.crt

What you need to do is make your playbook part of a "Vault" and add a variable that contains your certificate content. Something like this:

---
- name: My cool playbook
  hosts: all

  vars:
    mycert: |
       aasfasdfasfas
       sdafasdfasdfasdfsa
       asfasfasfddasfasdfa


  tasks:
    # Apparently this causes new lines on newer ansible versions
    # - name: Put uncrypted cert in a file
    #   shell: echo '{{ mycert }}' > mydecrypted.pem

    # You can try this as per
    # https://github.com/ansible/ansible/issues/9172
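    # Module arguments must be indented under "copy:"; dest matches the
    # path that the later tasks read and delete.
    - copy:
        content: "{{ mycert }}"
        dest: /home/ubuntu/mydecrypted.pem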

    - name: Upload Cert
      copy: src=/home/ubuntu/mydecrypted.pem dest=/home/ubuntu/mydecrypteddest.pem

    - name: Delete decrypted cert
      file: path=/home/ubuntu/mydecrypted.pem state=absent

You can choose to put your mycert variable in a separate variable file using Ansible Vault too.

The copy module has been updated in Ansible 2.1. From the changelog: "copy module can now transparently use a vaulted file as source, if vault passwords were provided it will decrypt and copy on the fly." Noting it here, since some people will inevitably not look past the accepted answer. – JK Laiho
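The Ansible 2.1+ behaviour quoted in the comment above, written out as a playbook. This is an added example, not part of the original question or answer. The certificate paths are the ones from the question; the key file name, the playbook name `site.yml`, the mode values and the final check task are assumptions.

```yaml
---
# Added example (not from the original thread). Requires Ansible 2.1 or later.
# Encrypt the files once on the control machine before committing them:
#   ansible-vault encrypt vault/encrypted.crt vault/encrypted.key
# Supply the vault password when running (site.yml is an assumed name):
#   ansible-playbook site.yml --ask-vault-pass
- name: Deploy vaulted TLS material
  hosts: all

  tasks:
    - name: Upload ssl crt (vaulted source is decrypted on the fly)
      copy:
        src: ../../vault/encrypted.crt
        dest: /usr/local/etc/ssl/domain.crt
        mode: "0644"

    # Assumed file name for the private key; same mechanism as the cert.
    - name: Upload ssl key
      copy:
        src: ../../vault/encrypted.key
        dest: /usr/local/etc/ssl/domain.key
        mode: "0600"
      no_log: true

    # Catches the pre-2.1 failure mode from the answer, where the vault
    # envelope itself lands on the host instead of the PEM certificate.
    - name: Check that the deployed certificate is plaintext PEM
      command: grep -q -- "-----BEGIN CERTIFICATE-----" /usr/local/etc/ssl/domain.crt
      changed_when: false
```

With this approach no decrypted copy is written to an intermediate path, so there is no temporary plaintext file to clean up afterwards.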
