见下面的最小例子。要在文件中加密的文本是
test: “TEST VARIABLE”</code>
。
> set | grep VAULT
ANSIBLE_VAULT_PASSWORD_FILE=/home/admin/.vault_pass.txt
ls -1
ansible.cfg
group_vars
hosts
test.yml
cat ansible.cfg
[defaults]
inventory = $PWD/hosts
cat hosts
localhost
[routers]
localhost
ansible-vault create group_vars/routers
cat group_vars/routers
$ANSIBLE_VAULT;1.1;AES256
3733 …
cat test.yml
- hosts: routers
tasks:
- debug: var=test
ansible-playbook test.yml
PLAY [routers]
TASK [Gathering Facts]
ok: [localhost]
TASK [debug]
ok: [localhost] => {
“test”: “TEST VARIABLE”
}
PLAY RECAP
localhost : ok=2 changed=0 unreachable=0 failed=0
</code>