How to encrypt binary files in Ansible?
You can use a shell command with a base64 variable to do that.
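- hosts: all                      # example target; adjust to your inventory
  vars:
    # base64-encoded content of the binary file
    myvar: "<my_base64_var>"
  tasks:
    - name: Create binary file
      shell: "echo '{{ myvar }}' | base64 -d > /var/tmp/binary.dat"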
Eric
The way we do that for our Ansible setup is:
- We encrypt individual sensitive material (a small subset of our repository) using https://www.agwa.name/projects/git-crypt/
- We all always commit using git sign tags
- We periodically check if there are any unsigned files
The advantage of git-crypt is that, as it relies on git filters, the encryption is transparent. Plus you can give access to the repository to developers without compromising encrypted content (it will ignore encrypted files if no decryption key can be obtained).
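
The git-crypt answer above depends on the filter actually having encrypted each sensitive file before it was committed. As an added example (not from either answer or from the git-crypt project), this script lists files that `.gitattributes` routes through a git-crypt filter but whose committed blob is plaintext; it assumes git-crypt's 10-byte `\0GITCRYPT\0` blob header, and the function names and the `--scan` argument are hypothetical.

```shell
#!/bin/sh
# Added example: find files marked filter=git-crypt in .gitattributes whose
# committed blob is NOT encrypted (e.g. committed before the filter was set up).
# Assumption: git-crypt ciphertext starts with the 10 bytes "\0GITCRYPT\0".

GITCRYPT_MAGIC_HEX="00474954435259505400"   # hex of \0 G I T C R Y P T \0

# Read a blob on stdin; succeed only if it starts with the git-crypt header.
is_gitcrypt_blob() {
    [ "$(od -An -v -tx1 -N 10 | tr -d ' \n')" = "$GITCRYPT_MAGIC_HEX" ]
}

# Print every path in REV (default HEAD) that has a git-crypt filter attribute
# but a plaintext blob. Returns 1 if at least one such path is found.
# Note: paths with unusual characters are printed quoted by git and are not
# handled here.
find_plaintext_secrets() {
    fps_rev="${1:-HEAD}"
    fps_bad=$(git ls-tree -r --name-only "$fps_rev" \
        | git check-attr --stdin filter \
        | sed -n 's/: filter: git-crypt.*$//p' \
        | while IFS= read -r fps_path; do
              git cat-file blob "$fps_rev:$fps_path" | is_gitcrypt_blob \
                  || printf 'NOT ENCRYPTED: %s\n' "$fps_path"
          done)
    [ -z "$fps_bad" ] || { printf '%s\n' "$fps_bad"; return 1; }
}

# Run from the repository root:  sh check-git-crypt.sh --scan [REV]
if [ "${1:-}" = "--scan" ]; then
    find_plaintext_secrets "${2:-HEAD}"
fi
```

Because it reads committed blobs rather than the working tree, it does not need the decryption key and can run in CI or a server-side hook.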