Hi Drew,

I appreciate your reply. The customer requirement is that the secret key should
be on the Ansible controller; the VM/endpoint logs are copied to the
controller and encryption is done on the controller. I explored and found that
the copy module has an encrypt option which can help out in the process. But for
the decryption I will need to use ansible-vault.

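---
# Runs on the controller only: prompts for a vault password and rewrites
# the file in place as Ansible Vault ciphertext.
- hosts: localhost
  gather_facts: false

  vars_prompt:
    - name: vault_secret
      prompt: Please enter the password to encrypt the file
      default: v3rys3cr3t   # used when the prompt is answered with Enter
      private: true         # do not echo the typed password

  vars:
    vault_file: secret.log

  tasks:
    - name: In-place (re)encrypt file {{ vault_file }}
      ansible.builtin.copy:
        # Read the plaintext on the controller and pipe it through the vault filter
        content: "{{ lookup('ansible.builtin.file', vault_file) | ansible.builtin.vault(vault_secret) }}"
        dest: "{{ vault_file }}"
        decrypt: false      # write the vault text as-is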

Thanks
Deepak B Kumar  

On Monday, March 11, 2024 at 10:43:15 PM UTC+5:30 Drew Northup wrote:

> Hi Deepak,
> You're going to need a different opener for this can of worms, as Ansible 
> Vault is meant for protecting confidential information that needs to be 
> pushed out to the endpoint being configured and not for pulling information 
> back to the controller for encryption nor is it meant for encryption 
> in-place on the endpoint node.
> So that the community can better help you, are you looking to encrypt log 
> files in place on the configured endpoint node (host, VM, container, etc.) 
> or are you looking to have the log files encrypted on the controller at the 
> end of the playbook run? (Or, perhaps, are they the same host?)
>
>
> On Monday, March 11, 2024 at 5:06:21 AM UTC-4 Deepak B K wrote:
>
> Hi All,
>
> I need a recommendation on using encryption and decryption of generated log
> files during the playbook execution. I was going through the Ansible
> documentation and I don't see any module except use of ansible-vault. I
> appreciate your advice.
>
>
> There is a module to decrypt the log file:
> - ansible.builtin.debug: msg="the value of foo.log is {{ lookup('ansible.builtin.unvault', '/etc/foo.log') | string | trim }}"
>
> Thanks 
> Deepak
>
>
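
An added example, not written by either poster: one way to do what the thread describes, pulling a log from each endpoint to the controller and encrypting it there with the vault filter. The inventory group `endpoints`, the remote path `/var/log/app.log` and the `collected/` directory are assumptions.

```yaml
---
# Added example; group "endpoints", remote_log and local_dir are assumed names.
- name: Collect endpoint logs and encrypt them on the controller
  hosts: endpoints
  gather_facts: false

  vars_prompt:
    - name: vault_secret
      prompt: Vault password used to encrypt the collected logs
      private: true          # no echo; no default stored in the playbook

  vars:
    remote_log: /var/log/app.log
    local_dir: "{{ playbook_dir }}/collected"
    local_log: "{{ local_dir }}/{{ inventory_hostname }}.log"

  tasks:
    - name: Create a controller-side directory readable only by the owner
      ansible.builtin.file:
        path: "{{ local_dir }}"
        state: directory
        mode: "0700"
      delegate_to: localhost
      run_once: true

    - name: Pull the log from the endpoint to the controller
      ansible.builtin.fetch:
        src: "{{ remote_log }}"
        dest: "{{ local_log }}"
        flat: true           # store exactly at dest, no host/path subtree

    - name: Overwrite the plaintext copy with its vault-encrypted form
      ansible.builtin.copy:
        # rstrip=false keeps trailing newlines so decryption returns the log unchanged
        content: "{{ lookup('ansible.builtin.file', local_log, rstrip=false) | ansible.builtin.vault(vault_secret) }}"
        dest: "{{ local_log }}"
        mode: "0600"
        decrypt: false       # write the vault text as-is
      delegate_to: localhost
      no_log: true           # keep the password and log content out of task output

# Decrypt later on the controller with the same password:
#   ansible-vault decrypt --ask-vault-pass collected/<hostname>.log
```

The fetched file sits on the controller in plaintext until the copy task overwrites it, so the `collected/` directory should live on storage the controller's operator already trusts.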
