[ansible-project] Re: Is there any Ansible module to Encrypt a log file during the play book execution

Tue, 12 Mar 2024 03:33:12 -0700 

Hi  Drew, 

I appreciate your reply . The customer requirement is the secret key should 
be on ansible controller  and the vms /endpoints  logs are copied to the 
controller  and encryption is done on the controller I explored  copy 
module has a encrypt  option which can help out in the process . But for 
the decryption i will need to use ansible-vault .

---
- hosts: localhost
  gather_facts: false

  vars_prompt:
    name: vault_secret
    prompt: Please enter the password to encrypt the file
    default: v3rys3cr3t
    private: true

  vars:
    vault_file: secret.log

  tasks:
    - name: In-place (re)encrypt file {{ vault_file }}
      ansible.builtin.copy:
        content: "{{ lookup('ansible.builtin.file', vault_file) | 
ansible.builtin.vault(vault_secret) }}"
        dest: "{{ vault_file }}"
        decrypt: false

Thanks
Deepak B Kumar  

On Monday, March 11, 2024 at 10:43:15 PM UTC+5:30 Drew Northup wrote:

> Hi Deepak,
> You're going to need a different opener for this can of worms, as Ansible 
> Vault is meant for protecting confidential information that needs to be 
> pushed out to the endpoint being configured and not for pulling information 
> back to the controller for encryption nor is it meant for encryption 
> in-place on the endpoint node.
> So that the community can better help you, are to looking to encrypt log 
> files in place on the configured endpoint node (host, VM, container, etc.) 
> or are you looking to have the log files encrypted on the controller at the 
> end of the playbook run? (Or, perhaps, are they the same host?)
>
>
> On Monday, March 11, 2024 at 5:06:21 AM UTC-4 Deepak B K wrote:
>
> Hi All, 
>
> I need recommendation to use encryption and decryption  of generated log 
> files during the playbook execution . I was going through ansible 
> documentation and I don't see any module  except use of ansible-vault . I 
> appreciate your  advise .
>
>
> there is a module to decrypt the log file 
> - ansible.builtin.debug: msg="the value of foo.log is {{ 
> lookup('ansible.builtin.unvault', '/etc/foo.log') | string | trim }}"
>
> Thanks 
> Deepak
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e0e93ea5-4a4f-4d44-8e50-97edad1ef5a5n%40googlegroups.com.

Reply via email to