-
Notifications
You must be signed in to change notification settings - Fork 0
dasgoll/ansible-vault-example
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
We want to change password of a user called 'khaled' to 'eva2niva'
ansible all -i localhost, -m debug -a "msg={{ 'eva2niva' | password_hash('sha512', 'mysecretsalt') }}"
OR
### apt install whois
mkpasswd --method=sha-512
OR
$ htpasswd -c /tmp/my_hash user1
New password:
Re-type new password:
Adding password for user user1
$ cat /tmp/my_hash
user1:$6$mysecretsalt$Rfl3Gk82uFh6nAD.edgZB.zf7CcKTdQx2/VWY/2LDSf.fYZJUjAkuF0z3AkYp9JVRsTI8jvmNzg/QpjfRoVBj/
Obviously, you just grab the 2nd field, and can delete the file once you're added it to shadow or for use with sudo (still most likely shadow).
### N.B: include_vars can include yaml and json files
ansible-vault encrypt vault.yml
# use password 'elpassgrande'
OR echo elpasswordgrande > password_file
ansible-playbook -i localhost, -c local site.yml --ask-vault-pass
OR
ansible-playbook -i localhost, -c local site.yml --vault-password-file password_file
su - khaled
About
No description, website, or topics provided.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published