Igor

Reputation: 319

Encrypting Ansible Playbook .pem private key with ansible-vault

Is there any way to encrypt --private-key with ansible-vault and use it encrypted with Ansible Playbook ansible-playbook command (or inside Playbook)?

I tried this but it didn't work:

$ ansible-vault create encrypted_ssh_key.pem --vault-password-file vault_password_file

(pasted my SSH private key into it)

$ ansible-playbook ansible_playbook -i inventory/ec2.py \
    -e ansible_ssh_user=ubuntu \
    -e ansible_user=ubuntu \
    --private-key=encrypted_ssh_key.pem \
    --vault-password-file vault_password_file

It's always asking me for a passphrase, and even after I enter it (the one from vault_password_file) it doesn't accept it. I can log in to the EC2 instance without any problems by using that private key.

Upvotes: 3

Views: 3919

Answers (1)

techraf

Reputation: 68449

Sorry, but you are taking a wrong approach.

What you need is to create a passphrase for the key, not encrypt the key with Ansible Vault.

openssl rsa -aes256 -in ssh_key.pem -out encrypted_ssh_key.pem

Give it a passphrase and provide that passphrase every time you run it (or use some agent which would cache the password for you):

ansible-playbook ansible_playbook -i inventory/ec2.py \
    -e ansible_ssh_user=ubuntu \
    -e ansible_user=ubuntu \
    --private-key=encrypted_ssh_key.pem

Upvotes: 4
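
A pre-flight check for the situation in this thread, added here as an example and not part of the question or the answer: it tells apart a Vault envelope (which begins with a `$ANSIBLE_VAULT;` header instead of a PEM header), a passphrase-protected PEM key, and a PEM key written without a passphrase. The function names `key_file_kind`, `check_private_key` and `make_samples` and the sample file names are hypothetical.

```shell
# Added example; function names are hypothetical, headers are the standard
# Ansible Vault, PEM (PKCS#8 and traditional) and OpenSSH markers.
key_file_kind() {
    first=$(head -n 1 "$1") || return 2
    case "$first" in
        '$ANSIBLE_VAULT;'*) echo "ansible-vault" ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo "pem-encrypted" ;;
        '-----BEGIN PRIVATE KEY-----') echo "pem-plaintext" ;;
        '-----BEGIN OPENSSH PRIVATE KEY-----') echo "openssh" ;;
        '-----BEGIN RSA PRIVATE KEY-----'|'-----BEGIN EC PRIVATE KEY-----')
            # Traditional PEM marks encryption on its second line.
            if sed -n '2p' "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo "pem-encrypted"
            else
                echo "pem-plaintext"
            fi ;;
        *) echo "unknown" ;;
    esac
}

# Returns 0 only for a PEM key that carries a passphrase.
check_private_key() {
    kind=$(key_file_kind "$1") || return 2
    case "$kind" in
        pem-encrypted) echo "ok: passphrase-protected PEM key" ;;
        ansible-vault) echo "reject: Vault envelope, not a key ssh can parse"; return 1 ;;
        pem-plaintext) echo "reject: PEM key has no passphrase"; return 1 ;;
        openssh) echo "undecided: header alone does not show a passphrase"; return 3 ;;
        *) echo "reject: not a recognised private key"; return 1 ;;
    esac
}

# Constructed samples: header lines only, no real key material.
make_samples() {
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' 'constructed-body' > "$1/vaulted.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$1/trad_enc.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-body' > "$1/trad_plain.pem"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'constructed-body' > "$1/pkcs8_enc.pem"
}

# Usage: check_private_key encrypted_ssh_key.pem && ansible-playbook ... --private-key=encrypted_ssh_key.pem
```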
