Securing Ansible Vault With Google Cloud

When working with Ansible you will at some point have to deal with data that is of a more sensitive nature such as passwords, API- & certificate keys etc. Storing secrets in plain text is bad practice, but still quite common.

If possible the best option is to simply not store any secrets at all and instead fetch/inject these during deployment or runtime with tools such as Hashicorp’s Vault. But for smaller projects this can be too expensive, complex and time-consuming to configure. Thankfully Redhat has included a tool called Ansible Vault in the default Ansible installation. Ansible Vault can encrypt secrets inline or separate files and then automatically decrypt during playbook execution.

Read more →

hello world

During the winter holiday I managed to find time to start working on this blog. The plan was to launch before New Year’s Eve and get a head start on 2021. But as always when it comes to technology projects delays get introduced one way or another. Now in this particular case these delays were very much self-inflicted by my ability to scope-creep.

What started out as a simple blog to be hosted directly on Github Pages or from object storage such as AWS S3 quickly evolved into something else.

Read more →