meta add galaxy meta 2026-04-05 21:05:08 +00:00
.gitignore restore gitignore 2023-09-28 01:58:54 +00:00
ansible.cfg.sample Revert "remove gitignore" 2023-10-02 13:56:37 +00:00
README.md basic scripts and config for setting gpg secured vaults 2023-07-07 00:00:14 +00:00
vault-creds.sh add vault-creds.sh 2023-09-28 01:33:41 +00:00
vault-keys.sample cleanup 2023-09-28 01:46:29 +00:00
vault-open.sh basic scripts and config for setting gpg secured vaults 2023-07-07 00:00:14 +00:00
vault-rekey.sh basic scripts and config for setting gpg secured vaults 2023-07-07 00:00:14 +00:00

Ansible GPG Vault

Encrypts the ansible-vault password with GPG, which may be keyed to multiple keys; the decrypted password in turn unlocks the various vault files.

Example creating a new vault password

export KEYID=<your-key-id>
pwgen -n 128 -C | head -n1 | gpg --armor --recipient "$KEYID" -e -o .vault/vault-pass.gpg

Add the desired key IDs to .vault/vault-keys

Re-key the vault key file when new keys are added

.vault/vault-rekey.sh
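
A sketch of what the re-key step has to do, as an added example that is not the repository's own vault-rekey.sh: decrypt the current password, then re-encrypt it to every key listed in vault-keys, refusing to overwrite the file if anything fails. The function names, the `VAULT_DIR` variable and the vault-keys format (one hex key ID or fingerprint per line, `#` comments allowed) are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical re-key helper, NOT the repository's vault-rekey.sh.
# Assumption: vault-keys holds one hex key ID or fingerprint per line;
# '#' comments, blank lines and spaces inside a fingerprint are ignored.
VAULT_DIR="${VAULT_DIR:-.vault}"

# Print one "--recipient <id>" pair per line; fail on any non-hex entry so a
# typo cannot silently drop or misdirect a recipient.
recipient_args() {
    keys_file="$1"
    while IFS= read -r line || [ -n "$line" ]; do
        id=$(printf '%s' "$line" | sed -e 's/#.*//' -e 's/[[:space:]]//g')
        [ -z "$id" ] && continue
        case "$id" in
            *[!0-9A-Fa-f]*) echo "invalid key ID: $id" >&2; return 1 ;;
        esac
        printf '%s %s\n' --recipient "$id"
    done < "$keys_file"
}

# Decrypt the vault password to stdout.
open_vault() {
    gpg --quiet --decrypt "$VAULT_DIR/vault-pass.gpg"
}

# Re-encrypt the existing password to every listed key.
rekey() {
    args=$(recipient_args "$VAULT_DIR/vault-keys") || return 1
    [ -n "$args" ] || { echo "no recipients listed" >&2; return 1; }
    # Keep the plaintext in a variable, never on disk; stop if decryption
    # fails or yields nothing, so the old file is not replaced by garbage.
    pass=$(open_vault) || return 1
    [ -n "$pass" ] || return 1
    tmp=$(mktemp "$VAULT_DIR/vault-pass.XXXXXX") || return 1
    # $args is left unquoted on purpose: it holds only validated hex IDs.
    if printf '%s\n' "$pass" |
        gpg --batch --yes --armor --encrypt --output "$tmp" $args; then
        mv "$tmp" "$VAULT_DIR/vault-pass.gpg"
    else
        rm -f "$tmp"; return 1
    fi
}

case "${1:-}" in
    open) open_vault ;;
    rekey) rekey ;;
esac
```

Removing a key ID from vault-keys and re-keying only stops that key from decrypting the new vault-pass.gpg; anyone who held the old file can still recover the same password, so revoking access also means generating a new password and running `ansible-vault rekey` on the vault files.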

Configure ansible to use the provided scripts

ansible-vault --vault-password-file=.vault/vault-open.sh ...

Set defaults in ansible.cfg

[defaults]
vault_password_file=.vault/vault-open.sh

Create a new ansible vault

ansible-vault create new-vault.yml

View without altering the vault

ansible-vault view new-vault.yml

Edit the vault

ansible-vault edit new-vault.yml