Vault

A couple of days ago we where debugging an Ansible AAP problem, when a co-worker mentioned something weird in our Hashicorp Vault. Nothing major, just weird. He told me that sometimes and not with all entries he only could see the JSON blob of the entry and the switch to go back to normal was greyed out. Searching Github it turned out that this is related to pull-request 4913 (https://github. [Read More]

In our work environment we have role-based access for passwords (of course). But as we deploy all systems with Ansible, we could end up that someone with only deploy permission ends up with access to all passwords. It’s obvious that we don’t want that, so I started checking in to Ansible’s ability to have multiple vault passwords. Ansible Vault IDs Starting with Ansible 2.4 and above, vault IDs are supported. [Read More]