================Ansible Vault==================
1. Create your yaml file
We are going to create a file keepitsecret.yaml and we will keet it secret using vault
1. Create your yaml file
We are going to create a file keepitsecret.yaml and we will keet it secret using vault
[root@master vault]# cat myvault.yaml
- hosts: 127.0.0.1
vars_files:
- keepitsecret.yaml
tasks:
- name: Sending email using Gmail's smtp services
mail:
host: smtp.gmail.com
port: 587
username: "{{ u }}"
password: "{{ p }}"
to: sam@gmail.com
subject: Testing email from gmail using ansible
body: system {{ ansible_host }} has been successfully tested.
2. Create a vault where you will store your username/pw
# av -h
# av create -h
check the syntax
[root@master vault]# ansible-vault create keepitsecret.yaml
New Vault password:
Confirm New Vault password:
u: "sam@gmail.com"
p: "MyPasswordSecret"
# av -h
# av create -h
check the syntax
[root@master vault]# ansible-vault create keepitsecret.yaml
New Vault password:
Confirm New Vault password:
u: "sam@gmail.com"
p: "MyPasswordSecret"
3. View the content of the file. You can't read what your stored. Its encripted.
[root@master vault]# cat keepitsecret.yaml
$ANSIBLE_VAULT;1.1;AES256
32346435633239646636626465663162613262623434333664393437316461366565316364396632
6365373834616464333437373134653435386335653165660a326331363163353932373161386362
61316464353339383834666662353230393036313538646563303632393134363165353431336130
3037393363643463650a643762353433663662306630376231363836376464656330346235663964
31656463373832353739303239353032613838333231613464343336656239656535333561663064
3036336665303135313061666234313831626630343066613130
[root@master vault]#
4. Run your playbook
# ap myvault.yaml
I got email alert
Sign-in attempt was blocked
sam@gmail.com
Someone just used your password to try to sign in to your account from a non-Google app. Google blocked them, but you should check what happened. Review your account activity to make sure no one else has access.
Less secure app blocked
Google blocked the app you were trying to use because it doesn't meet our security standards.
Some apps and devices use less secure sign-in technology, which makes your account more vulnerable. You can turn off access for these apps, which we recommend, or turn on access if you want to use them despite the risks. Google will automatically turn this setting OFF if it's not being used.
Learn more
google for less secure app access and
Enabling less secure apps to access Gmail
[root@master vault]# cat keepitsecret.yaml
$ANSIBLE_VAULT;1.1;AES256
32346435633239646636626465663162613262623434333664393437316461366565316364396632
6365373834616464333437373134653435386335653165660a326331363163353932373161386362
61316464353339383834666662353230393036313538646563303632393134363165353431336130
3037393363643463650a643762353433663662306630376231363836376464656330346235663964
31656463373832353739303239353032613838333231613464343336656239656535333561663064
3036336665303135313061666234313831626630343066613130
[root@master vault]#
4. Run your playbook
# ap myvault.yaml
I got email alert
Sign-in attempt was blocked
sam@gmail.com
Someone just used your password to try to sign in to your account from a non-Google app. Google blocked them, but you should check what happened. Review your account activity to make sure no one else has access.
Less secure app blocked
Google blocked the app you were trying to use because it doesn't meet our security standards.
Some apps and devices use less secure sign-in technology, which makes your account more vulnerable. You can turn off access for these apps, which we recommend, or turn on access if you want to use them despite the risks. Google will automatically turn this setting OFF if it's not being used.
Learn more
google for less secure app access and
Enabling less secure apps to access Gmail
you should be send email this time.