|
|
@ -1349,6 +1349,31 @@ Hash type 'blowfish' (BCrypt) provides the facility to specify the version of th
|
|
|
|
|
|
|
|
|
|
|
|
.. versionadded:: 2.12
|
|
|
|
.. versionadded:: 2.12
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
You can also use the Ansible :ref:`vault <vault>` filter to encrypt data::
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# simply encrypt my key in a vault
|
|
|
|
|
|
|
|
vars:
|
|
|
|
|
|
|
|
myvaultedkey: "{{ keyrawdata|vault(passphrase) }}"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: save templated vaulted data
|
|
|
|
|
|
|
|
template: src=dump_template_data.j2 dest=/some/key/vault.txt
|
|
|
|
|
|
|
|
vars:
|
|
|
|
|
|
|
|
mysalt: '{{ 2**256|random(seed=inventory_hostname) }}'
|
|
|
|
|
|
|
|
template_data: '{{ secretdata|vault(vaultsecret, salt=mysalt) }}'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
And then decrypt it using the unvault filter::
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# simply decrypt my key from a vault
|
|
|
|
|
|
|
|
vars:
|
|
|
|
|
|
|
|
mykey: "{{ myvaultedkey|unvault(passphrase) }}"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: save templated unvaulted data
|
|
|
|
|
|
|
|
template: src=dump_template_data.j2 dest=/some/key/clear.txt
|
|
|
|
|
|
|
|
vars:
|
|
|
|
|
|
|
|
template_data: '{{ secretdata|unvault(vaultsecret) }}'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
.. _other_useful_filters:
|
|
|
|
.. _other_useful_filters:
|
|
|
|
|
|
|
|
|
|
|
|
Manipulating text
|
|
|
|
Manipulating text
|
|
|
|