From 2081ea949b86307e29baac45e39b80e47b25879d Mon Sep 17 00:00:00 2001
From: James Tombleson
Date: Sun, 20 Oct 2019 15:46:43 -0700
Subject: [PATCH] Updated docs
---
 docs/readme.md | 21 ++++++++++++++++++++-
 examples/hosts.yml | 4 ++--
 2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/docs/readme.md b/docs/readme.md
index d5e3666..49ea4f5 100644
--- a/docs/readme.md
+++ b/docs/readme.md
@@ -16,6 +16,25 @@ This will give you a quick way to see what flags are supported without having to ## Vault -Vaults are a great way to store secrets in your source code. Never store insecure secrets in a file other then for quick testing. Even then, don't put unencrypted secrets in public locations. +Vaults are a great way to store secrets in your source code. Never store insecure secrets in a file other then for quick testing. Even then, don't put un-encrypted secrets in public locations. +### Config changes + +Before you use ansible-value you will want to update your ansible.cfg file. Uncomment ```#vault_password_file``` and update it to where you will store your secret file. This is a file that should be added to ```.gitignore``` so that the password is stored safely. For reference I use .ansible_vault as my file and you can see my .gitignore file to see how I ignore it. + +### How to use Vault + +Make sure you adjusted your ansible.cfg before doing this. That password is how vault decrypts values. + +```bash +echo 'secret' > .ansible_vault +ansible-value encrypt_string 'sshPassword' +``` + +With the value that was exported you would add that to the playbook that needs to be able to decrypt the secret to use it. +Something to note. When the password that is stored in .ansible_vault that is defined in ansible.cfg changes, the vault might start to fail to decrypt strings. I have not made it that far yet with vault to confirm how much this is true. + +## Roles + +Roles are very important when it comes to Ansible. If you need to define how say pip handles actions you would build a role for it. With that role you can define how pip would work. Do not treat roles as your playbook. They are meant to be used as a guide and the playbook passes variables to the role to tell it how something should be configured. diff --git a/examples/hosts.yml b/examples/hosts.yml index f5d1bed..df9066d 100644 --- a/examples/hosts.yml +++ b/examples/hosts.yml 
@@ -7,7 +7,7 @@ all:
 hosts:
 172.20.0.142:
 vars:
- ansible_user: ansible
+ ansible_user:
 ansible_connection: ssh
 ansible_password:
 ansible_become_method: sudo
@@ -17,7 +17,7 @@ all:
 hosts:
 dev01:
 vars:
- ansible_user: ansible
+ ansible_user:
 ansible_password:
 ansible_connection: winrm
 ansible_port: 5985
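Review bot: The new `ansible_user:` line under 172.20.0.142 is a bare key, which a YAML loader reads as null rather than as an empty string, and the same edit is repeated for dev01 in the second hunk. Together with the already empty `ansible_password:` this leaves two unexplained placeholders in a file people will copy. I would add a comment above the pair, for example `# fill in per host; store ansible_password as a vault-encrypted value, not plaintext`, so the example points to the vault workflow the readme describes. How Ansible resolves a null connection variable is not visible here, and the `vars:` block may continue past the end of the hunk.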
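Review bot: In the dev01 hunk the blanked `ansible_user:` and `ansible_password:` sit beside `ansible_connection: winrm` and `ansible_port: 5985`, which is the WinRM HTTP listener port. Anyone who fills in the password from this example therefore authenticates over a channel without TLS, unless the chosen transport adds message encryption. The hunk shows no `ansible_winrm_transport` or `ansible_winrm_scheme`, so this is inferred from the port alone and the `vars:` block may continue outside the hunk. I would switch the example to `ansible_port: 5986` with `ansible_winrm_scheme: https`, or at least add `# 5985 = WinRM over HTTP, lab use only` above the port line.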