Reputation: 527
I have an AWS EC2 inventory file that I want to use to deploy my code to the EC2 instances. I am using:
ansible-playbook -i ec2_inventory -u ec2-user --private-key=my_ec2_key.pem
and it works.
What I want is to use ansible-vault to encrypt the private key file, my_ec2_key.pem, and I will keep the vault password in a text file.
How can I issue the ansible-playbook command now to use the vault password to decrypt the private key file for ec2-user?
Upvotes: 2
Views: 1794
Reputation: 3230
Unfortunately, ansible-vault will not automatically decrypt the private key that it's using to connect to instances. You could potentially hack around this by using a local task to write it into a keyfile from a variable file (which would write it decrypted) and place the file somewhere which is then referenced in downstream tasks. The reason ansible doesn't do this is because vault typically only decrypts the variables in-memory to prevent hanging decrypted artifacts if the playbook fails.
If you're using a CI box or something to run ansible, you could potentially place the private key on the CI box, and thus prevent the need to decrypt it at run-time. Then store the private key permanently encrypted in source.
Upvotes: 2
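The workaround the answer describes (a local task that writes the vaulted key to a file, which later tasks then use for SSH) as an added example; this is not code from the original post or from the Ansible project. It assumes a vars file vault/ec2_key.yml containing a variable named ec2_private_key with the PEM contents, a vault password file vault_pass.txt, and a playbook name site.yml; all of these names are hypothetical. The play runs against the same ec2_inventory as the question, with gather_facts disabled so nothing tries to connect before the key exists, and the always section deletes the decrypted file whether or not the deploy tasks succeed.

```yaml
# site.yml (added example, not from the original post)
#
# One-time setup, run on the controller:
#   printf 'ec2_private_key: |\n' > vault/ec2_key.yml
#   sed 's/^/  /' my_ec2_key.pem >> vault/ec2_key.yml
#   ansible-vault encrypt --vault-password-file vault_pass.txt vault/ec2_key.yml
#   shred -u my_ec2_key.pem        # keep only the vaulted copy in source
#
# Run (replaces --private-key with --vault-password-file):
#   ansible-playbook -i ec2_inventory -u ec2-user \
#       --vault-password-file vault_pass.txt site.yml

- name: Deploy to EC2 with an SSH key stored in Ansible Vault
  hosts: all                  # the hosts from ec2_inventory
  gather_facts: false         # no SSH connection before the key file exists
  vars_files:
    - vault/ec2_key.yml       # vault-encrypted; defines ec2_private_key (assumed name)

  tasks:
    - name: Unlock key, deploy, and always clean up
      block:
        - name: Create a private temp file on the controller (mkstemp gives 0600)
          ansible.builtin.tempfile:
            state: file
            suffix: .pem
          register: keyfile
          delegate_to: localhost
          run_once: true      # registered result is shared with every host in the play

        - name: Write the decrypted key material (no_log keeps it out of the run output)
          ansible.builtin.copy:
            content: "{{ ec2_private_key }}"
            dest: "{{ keyfile.path }}"
            mode: "0600"
          no_log: true
          delegate_to: localhost
          run_once: true

        - name: Point the SSH connection for each host at the temp key
          ansible.builtin.set_fact:
            ansible_ssh_private_key_file: "{{ keyfile.path }}"

        - name: First real connection happens here, using the temp key
          ansible.builtin.setup:

        - name: Deploy the application (placeholder for the real deploy tasks)
          ansible.builtin.copy:
            src: ./app/
            dest: /home/ec2-user/app/
            mode: "0755"

      always:
        - name: Remove the decrypted key even if the deploy failed
          ansible.builtin.file:
            path: "{{ keyfile.path }}"
            state: absent
          delegate_to: localhost
          run_once: true
          when: keyfile is defined and keyfile.path is defined
```

The always section only protects against task failures inside the play; if ansible-playbook is killed or the controller dies mid-run, the decrypted file stays on disk, which is exactly the "hanging decrypted artifacts" problem the answer raises. The key also exists in plaintext in the controller's process memory for the whole run, so this does not change the threat model on a shared controller; it only keeps the key encrypted in source and off disk between runs.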