Erin Call

Erin Call

You Can't Spell Engineering Without Erin

Posts tagged ansible

Using PGP To Encrypt The Ansible Vault

Over the last week I've been getting rid of the extremely janky Puppet setup I had provisioning my VPS, and replacing it with Ansible. One of the features I really like in Ansible is the Vault, which is a fancy name for AES-encrypted data files. The Vault lets me put stuff like API keys in source control without exposing them to my enemies [1]. Super convenient!

Unfortunately, the Vault is also sort of a pain: every time I want to edit an encrypted file, or do a test run, I have to type my Super Complex Secret Passphrase. I had to do a lot of test runs while getting everything verified, so that got pretty tedious. Additionally, if this Ansible setup were for a project with many developers, I'd have the usual password-distribution problems.

(Read the full post...)

Posted on 2014-11-30T21:00:00Z
Posted in ansible, pgp.