DevOps · Flashcard

What does Ansible Vault do?

  • AIt encrypts sensitive data such as passwords in variables and files
  • BIt stores plaintext secrets on a central server for playbooks to read
  • CIt scans playbooks for hardcoded secrets and warns you about them
  • DIt rotates the SSH keys that are used to connect to managed nodes

Why this is the answer

Ansible Vault encrypts secrets (variables and files) at rest so they can live safely in Git. It doesn't store plaintext centrally, isn't a secret-scanner, and doesn't rotate SSH keys.

Official docs
Study in Gnoseed →