Thursday, December 17, 2020

Ansible - Ansible Vault - keep your password secret

 ================Ansible Vault==================
1. Create your yaml file
We are going to create a file keepitsecret.yaml and we will keet it secret using vault

[root@master vault]# cat myvault.yaml
- hosts:
    - keepitsecret.yaml
  - name: Sending email using Gmail's smtp services
      port: 587
      username: "{{ u }}"
      password: "{{ p }}"
      subject: Testing email from gmail using ansible
      body: system {{ ansible_host }} has been successfully tested.

2. Create a vault where you will store your username/pw
# av -h
# av create -h
check the syntax
[root@master vault]# ansible-vault create keepitsecret.yaml
New Vault password:
Confirm New Vault password:
u: ""
p: "MyPasswordSecret"

3. View the content of the file. You can't read what your stored. Its encripted.
[root@master vault]# cat keepitsecret.yaml
[root@master vault]#

4. Run your playbook
# ap myvault.yaml
I got email alert
attempt was blocked
Someone just used your password to try to sign in to your account from a non-Google app. Google blocked them, but you should check what happened. Review your account activity to make sure no one else has access.

Less secure app blocked
Google blocked the app you were trying to use because it doesn't meet our security standards.
Some apps and devices use less secure sign-in technology, which makes your account more vulnerable. You can turn off access for these apps, which we recommend, or turn on access if you want to use them despite the risks. Google will automatically turn this setting OFF if it's not being used.
Learn more
google for less secure app access and 
Enabling less secure apps to access Gmail

you should be send email this time.

No comments:

Post a Comment