I can't be the first one to have forgotten to set executable bits on the file for `vault_password_file` and therefore set the encryption key to the content of the file instead of the secret that should have been returned by the file/script (from an encrypted store)?… 😅

#ansible #ansiblevault

Ansible basics: how to automate configuration and deployment

This article breaks down the basics of Ansible: how to write idempotent playbooks, keep production from going down by using dry runs, and integrate Ansible into CI/CD. I go through role structure, working with dynamic inventory and secrets, and the typical pitfalls beginners hit. Two clear diagrams, a real case from production practice, and a set of rules that make automation predictable and safe. Read the breakdown

https://habr.com/ru/companies/otus/articles/1022154/

#Ansible #автоматизация_конфигураций #деплой #GitLab_CI #Jenkins #playbook #инфраструктура #ansiblevault #DevOpsпрактики

Ansible basics: how to automate configuration and deployment

Hi everyone, my name is Sergey Proshchaev. I am a Tech Lead and head of Java | Kotlin development in FinTech, and I also teach development and architecture courses at OTUS....

Habr
08 Objective: Encrypt the Silence – Ansible Vault

Ghosts know that secrets are critical. You can’t let them sit or travel in plain text. Ansible Vault is the blade of the Operator.

Tom's IT Cafe
Automating UFW Configuration with Ansible: Locking Down the Digital Fortress

In the world of chaos, where every exposed port is a door for the enemy, DeadSwitch doesn’t just lock the doors—we automate. We create shields that rise without a command. Ansible is our tool of ch…

Tom's IT Cafe
@x_cli Have I been doing it backwards? I typically flow things in the opposite direction. I keep secrets in #AnsibleVault (committed to #git), which gets dumped into my environment with a setup script after I provide my Vault #passphrase. Then #Terraform picks it up, and gives it to whatever needs it (e.g. #kubernetes secrets).

#Ansible Vault as a Service POC, encrypt your secrets without knowing the vault secret. Just select the "project" and go.

#ansibleVault

Use Ansible Vault To Protect Sensitive Playbook Data - OSTechNix

In this article, we are going to learn what Ansible Vault is and how to use Ansible Vault to protect sensitive playbook data in Linux.

OSTechNix