added vault/unvault docs (#75140)

pull/75633/head
Brian Coca 3 years ago committed by GitHub
parent 5ecbc199f8
commit 90518d8bb5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1349,6 +1349,31 @@ Hash type 'blowfish' (BCrypt) provides the facility to specify the version of th
.. versionadded:: 2.12 .. versionadded:: 2.12
You can also use the Ansible :ref:`vault <vault>` filter to encrypt data::
# simply encrypt my key in a vault
vars:
myvaultedkey: "{{ keyrawdata|vault(passphrase) }}"
- name: save templated vaulted data
template: src=dump_template_data.j2 dest=/some/key/vault.txt
vars:
mysalt: '{{ 2**256|random(seed=inventory_hostname) }}'
template_data: '{{ secretdata|vault(vaultsecret, salt=mysalt) }}'
And then decrypt it using the unvault filter::
# simply decrypt my key from a vault
vars:
mykey: "{{ myvaultedkey|unvault(passphrase) }}"
- name: save templated unvaulted data
template: src=dump_template_data.j2 dest=/some/key/clear.txt
vars:
template_data: '{{ secretdata|unvault(vaultsecret) }}'
.. _other_useful_filters: .. _other_useful_filters:
Manipulating text Manipulating text

Loading…
Cancel
Save