Encrypting Files with Ansible Vault

From LearnLinux.tv Wiki
Jump to navigation Jump to search

Overview

Have you ever wanted to create a wide-open file share on your LAN to enable your users to quickly and easily share files? In this video, the viewer is shown the process of setting up a custom Samba implementation on Debian/Ubuntu that makes sharing files on your LAN easy.

Relevant Links
Original Video

Store the vault password

  • Generate the password (using whichever app you'd like, Keepassxc was used in the video)
  • Store it in ~/.vault_key (or wherever you prefer)

Correct Key File Permissions

Prevent the key file from being read by other users:

 chmod 600 ~/.vault_key

Encrypt a file

 ansible-vault encrypt <filename>

Decrypt a file

 ansible-vault decrypt --vault-password-file ~/.vault_key <filename>

Edit a file directly

 ansible-vault edit --vault-password-file ~/.vault_key info.txt

View an encrypted file without decrypting it first

 ansible-vault view --vault-password-file ~/.vault_key info.txt

Provide an encryption key while using ansible-pull

 sudo ansible-pull --vault-password-file ~/.vault_key https://github.com/jlacroix82/ansible_pull_tutorial.git

Changing the vault password for a file

 ansible-vault rekey <filename> --vault-password-file ~/.vault_key