Hi Drew,

I appreciate your reply. The customer requirement is that the secret key should be on the Ansible controller, the VMs'/endpoints' logs are copied to the controller, and encryption is done on the controller. I explored the copy module, which has an encrypt option that can help out in the process. But for the decryption I will need to use ansible-vault.

---
- hosts: localhost
  gather_facts: false
  vars_prompt:
    # Prompt for the vault password; private: true hides the typed input
    - name: vault_secret
      prompt: Please enter the password to encrypt the file
      default: v3rys3cr3t
      private: true
  vars:
    vault_file: secret.log
  tasks:
    # Read the file on the controller, encrypt it with the vault filter,
    # and write the result back to the same path
    - name: In-place (re)encrypt file {{ vault_file }}
      ansible.builtin.copy:
        content: "{{ lookup('ansible.builtin.file', vault_file) | ansible.builtin.vault(vault_secret) }}"
        dest: "{{ vault_file }}"
        decrypt: false

Thanks
Deepak B Kumar

On Monday, March 11, 2024 at 10:43:15 PM UTC+5:30 Drew Northup wrote:

> Hi Deepak,
> You're going to need a different opener for this can of worms, as Ansible Vault is meant for protecting confidential information that needs to be pushed out to the endpoint being configured and not for pulling information back to the controller for encryption nor is it meant for encryption in-place on the endpoint node.
> So that the community can better help you, are you looking to encrypt log files in place on the configured endpoint node (host, VM, container, etc.) or are you looking to have the log files encrypted on the controller at the end of the playbook run? (Or, perhaps, are they the same host?)
>
> On Monday, March 11, 2024 at 5:06:21 AM UTC-4 Deepak B K wrote:
>
> Hi All,
>
> I need a recommendation to use encryption and decryption of generated log files during the playbook execution. I was going through the Ansible documentation and I don't see any module except use of ansible-vault. I appreciate your advice.
>
> There is a module to decrypt the log file:
> - ansible.builtin.debug: msg="the value of foo.log is {{ lookup('ansible.builtin.unvault', '/etc/foo.log') | string | trim }}"
>
> Thanks
> Deepak
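
The workflow discussed in this thread (logs copied from the endpoints to the controller, encrypted there, and decrypted with the same secret) can be written as one play. This is an added example, not code posted by anyone in the thread; the inventory group `endpoints`, the remote path `/var/log/app.log` and the `collected_logs/` directory are assumptions.

```yaml
---
# Added example. Assumed names: group "endpoints", /var/log/app.log, collected_logs/.
- name: Pull logs to the controller and encrypt them there
  hosts: endpoints
  gather_facts: false
  vars_prompt:
    - name: vault_secret
      prompt: Password used to encrypt the collected logs
      private: true   # no default, so no password is stored in the playbook
  vars:
    remote_log: /var/log/app.log
    plain: "{{ playbook_dir }}/collected_logs/{{ inventory_hostname }}.log"
    vaulted: "{{ plain }}.vault"
  tasks:
    - name: Copy the log from the endpoint to the controller
      ansible.builtin.fetch:
        src: "{{ remote_log }}"
        dest: "{{ plain }}"
        flat: true

    - name: Encrypt on the controller; the secret never reaches the endpoint
      ansible.builtin.copy:
        content: "{{ lookup('ansible.builtin.file', plain) | ansible.builtin.vault(vault_secret) }}"
        dest: "{{ vaulted }}"
        mode: "0600"
        decrypt: false
      delegate_to: localhost
      no_log: true    # keep log text and secret out of task output

    - name: Read the encrypted file back as raw bytes
      ansible.builtin.slurp:
        src: "{{ vaulted }}"
      register: vaulted_raw
      delegate_to: localhost

    - name: Confirm it decrypts to the original before deleting plaintext
      ansible.builtin.assert:
        that:
          - (vaulted_raw.content | b64decode | ansible.builtin.unvault(vault_secret)) == lookup('ansible.builtin.file', plain)
        quiet: true
      delegate_to: localhost
      no_log: true

    - name: Remove the plaintext copy from the controller
      ansible.builtin.file:
        path: "{{ plain }}"
        state: absent
      delegate_to: localhost
```

The `file` lookup reads text and strips trailing whitespace by default, so this suits plain-text logs rather than binary ones.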