Exercise 05: Ansible Vault and encrypted secrets

Roles with encrypted variables, variable scoping

1) Create a role named LocalUsers with defaults/main.yaml and tasks/main.yaml.

2) In defaults/main.yaml, create a dictionary variable called users with username and password properties. Use Ansible Vault to encrypt the password.

hint:

ansible-vault encrypt_string [my-text-string] --ask-vault-pass

hint 2: link

3) Use win_user to create some users from the usernames and passwords defined in the previous step, and give them remote desktop permissions.

hint: groups: Remote Desktop Users, link

hint 2: Avoid leaking passwords in clear text with no_log: true

4) Log on to the server with one of the new users.

5) Override the users variable in group_vars/windows.yaml with new usernames and passwords.
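
How steps 2, 3 and 5 fit together, as an added example that is not part of the original exercise. It assumes users is a dictionary keyed by username; the usernames alice and bob, the playbook name site.yaml and the vault payload lines are constructed placeholders, and win_user is written with its fully qualified name ansible.windows.win_user.

```yaml
# --- roles/LocalUsers/defaults/main.yaml ---
# Role defaults have the lowest variable precedence, so anything in
# inventory group_vars with the same name wins over them.
users:
  alice:                          # constructed username
    password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      <PLACEHOLDER: paste the output of ansible-vault encrypt_string here>

---
# --- roles/LocalUsers/tasks/main.yaml ---
- name: Create local users with Remote Desktop access
  ansible.windows.win_user:
    name: "{{ item.key }}"
    password: "{{ item.value.password }}"   # decrypted in memory at run time
    groups:
      - Remote Desktop Users
    groups_action: add            # add to the group, keep existing memberships
    state: present
  loop: "{{ users | dict2items }}"
  loop_control:
    label: "{{ item.key }}"       # per-item label shows only the username
  no_log: true                    # keep the decrypted password out of output and logs

---
# --- group_vars/windows.yaml ---
# With the default hash_behaviour (replace) this definition replaces the
# whole users dictionary from the role defaults; it is not merged, so
# alice is not created on hosts in the windows group.
users:
  bob:                            # constructed username
    password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      <PLACEHOLDER: a separately encrypted string goes here>

# Run with the vault password supplied interactively, for example:
#   ansible-playbook site.yaml --ask-vault-pass
```

Because no_log: true also hides the error details when the task fails, switch it off only temporarily, and only with throwaway passwords, while debugging.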