1
00:00:00,800 --> 00:00:05,540
In this video, we are going to learn how to encrypt strings within a playbook.

2
00:00:05,810 --> 00:00:10,100
So we learn how to encrypt the entire playbook previously.

3
00:00:10,110 --> 00:00:17,000
But do you know that we could actually encrypt strings or words within a playbook?

4
00:00:17,360 --> 00:00:17,960
Yes.

5
00:00:17,960 --> 00:00:21,890
We do not have to go through the entire playbook, securing it.

6
00:00:21,920 --> 00:00:30,500
We could actually use a simple words encrypted using Ansible wall command, and then we could use that

7
00:00:30,500 --> 00:00:34,220
encryption and paste it inside of our playbook.

8
00:00:34,250 --> 00:00:35,540
So let's take an example.

9
00:00:35,540 --> 00:00:40,850
So we will run the command ansible dash wall space, encrypt, underscore string option.

10
00:00:40,850 --> 00:00:44,270
And let's say at this point we want to encrypt the word HTTP.

11
00:00:44,990 --> 00:00:51,650
In this case, for example, you wanted to run a playbook and you do not want to show which package

12
00:00:51,650 --> 00:00:53,120
is being installed.

13
00:00:53,690 --> 00:00:54,580
Clever, right?

14
00:00:54,590 --> 00:01:02,600
So then what we will do is we will write the Ansible World Playbook by and the name of the playbook

15
00:01:02,600 --> 00:01:04,980
would be output by string dynamo.

16
00:01:05,030 --> 00:01:08,810
So you could use a vim command first and then encrypted.

17
00:01:08,810 --> 00:01:16,580
Or you could you use create command, provide the password, so which will encrypt your entire playbook

18
00:01:17,210 --> 00:01:19,670
and then let you edit the file.

19
00:01:19,700 --> 00:01:20,050
All right.

20
00:01:20,060 --> 00:01:21,170
Either way, you pick.

21
00:01:21,200 --> 00:01:29,030
Then what we'll do is we'll define that a a YAML file name of the playbook will be test encrypted output.

22
00:01:29,060 --> 00:01:31,010
The host will be local host.

23
00:01:31,010 --> 00:01:39,560
And then we are adding a variable so we could pass our string through the variable and the string,

24
00:01:39,590 --> 00:01:44,990
the encrypted string that we have is this entire value.

25
00:01:45,200 --> 00:01:52,460
We are putting this entire encrypted value of our http d through our vars variable.

26
00:01:52,670 --> 00:01:59,210
And by the way, when we run this first command, this will output this exact encryption which we will

27
00:01:59,210 --> 00:02:00,080
cover in a second.

28
00:02:00,080 --> 00:02:08,150
So then we will define the task and the task is to print the encrypted string and we'll use the debug

29
00:02:08,150 --> 00:02:14,390
message to show the actual output of that string.

30
00:02:14,600 --> 00:02:16,070
So let's take a look.

31
00:02:16,070 --> 00:02:22,700
Let's go to our Ansible control node and this time I'm going through the Telnet, so through the putty

32
00:02:22,700 --> 00:02:23,300
session.

33
00:02:23,300 --> 00:02:25,730
So this way we will have a bigger screen.

34
00:02:25,730 --> 00:02:26,090
All right.

35
00:02:26,090 --> 00:02:34,810
So very first thing is we'll encrypt the the word HTTP PD, so we'll do ansible, dash, walled and

36
00:02:34,820 --> 00:02:35,600
crypt.

37
00:02:37,590 --> 00:02:42,930
Underscore string is just a word, package word that I picked.

38
00:02:42,960 --> 00:02:45,150
Now you have to specify the password.

39
00:02:49,290 --> 00:02:49,910
All right.

40
00:02:49,920 --> 00:02:54,930
You see, as soon as you run the command, you are given the walled encryption.

41
00:02:55,020 --> 00:03:00,030
So this is the entire encryption which translates into HTTP.

42
00:03:00,330 --> 00:03:04,470
So we are now going to write the HTTP package.

43
00:03:04,590 --> 00:03:12,180
Instead, we will take this value, this encrypted value, and we will paste that inside of the playbook.

44
00:03:12,820 --> 00:03:12,990
All right.

45
00:03:12,990 --> 00:03:19,920
So I have already created a playbook earlier and I called it output by string yaml.

46
00:03:21,000 --> 00:03:21,270
All right.

47
00:03:21,270 --> 00:03:24,870
So let's take a look at our playbook.

48
00:03:24,900 --> 00:03:33,720
I am in Etsy Ads Playbooks Directory and the file name is a put by string.

49
00:03:33,750 --> 00:03:34,650
Here it is.

50
00:03:34,920 --> 00:03:39,180
This is a file that can be viewed by anyone.

51
00:03:39,390 --> 00:03:39,870
You see?

52
00:03:39,870 --> 00:03:44,060
You could see the file because I did not encrypt the entire playbook.

53
00:03:44,070 --> 00:03:52,800
I just used the Vim command earlier, created the playbook, and simply pasted this entire value from

54
00:03:52,800 --> 00:03:58,170
here all the way to here right after this variable.

55
00:03:58,170 --> 00:04:04,080
And the variable I have named secret you can pick any name is just a secret that I picked.

56
00:04:04,110 --> 00:04:04,650
All right.

57
00:04:04,860 --> 00:04:11,150
Now, what I will do is I will run this command.

58
00:04:11,160 --> 00:04:17,070
Sorry, I will run the Ansible playbook command with the ask option.

59
00:04:17,070 --> 00:04:19,280
So we could run this playbook.

60
00:04:19,290 --> 00:04:23,040
So for that, we'll do ansible dash playbook.

61
00:04:23,280 --> 00:04:28,030
And the name of the playbook is output dash output by a string dynamo.

62
00:04:28,110 --> 00:04:29,420
And then dash, dash.

63
00:04:29,430 --> 00:04:33,060
Ask Walt Dash.

64
00:04:34,000 --> 00:04:34,890
Pass.

65
00:04:34,900 --> 00:04:42,100
So this same option will be used if you have encrypted the entire playbook or if you have encrypted

66
00:04:42,100 --> 00:04:43,120
just a string.

67
00:04:43,600 --> 00:04:43,870
All right.

68
00:04:43,870 --> 00:04:45,520
Let's go ahead and hit enter.

69
00:04:46,440 --> 00:04:51,900
Now it will ask you for the password that you used when you encrypted that string.

70
00:04:55,850 --> 00:04:56,510
Okay.

71
00:04:59,100 --> 00:05:00,090
Decryption failed.

72
00:05:00,090 --> 00:05:00,600
No walls.

73
00:05:00,600 --> 00:05:02,850
Secrets were found that could be decrypted.

74
00:05:03,180 --> 00:05:07,920
I did not provide the correct password when it asked me for the world password.

75
00:05:07,920 --> 00:05:09,120
So let me run it again.

76
00:05:11,630 --> 00:05:14,930
Now let me provide the right password.

77
00:05:15,230 --> 00:05:15,760
Okay.

78
00:05:17,100 --> 00:05:17,400
All right.

79
00:05:17,400 --> 00:05:18,390
So it ran.

80
00:05:18,450 --> 00:05:21,170
This is the point where it ran.

81
00:05:21,210 --> 00:05:28,890
And right here, you see it says where I wanted the encryption, the actual word or string to be displayed

82
00:05:28,980 --> 00:05:31,500
here on the debug module.

83
00:05:31,890 --> 00:05:38,820
And the variable that I'm using is the secret, which is pointing back to the variable.

84
00:05:38,820 --> 00:05:43,470
And the variable is saying I am a container and I have this value.

85
00:05:43,620 --> 00:05:49,230
All right, I'm saying display this value and it is displaying and instead of entire encryption, it

86
00:05:49,230 --> 00:05:55,560
is giving me the string value because I have already provided the password.

87
00:05:55,560 --> 00:05:59,910
So it could be decrypted and it could show me the actual string.

88
00:06:00,090 --> 00:06:08,160
That's how the string works, where you could encrypt a single string or multiple strings together and

89
00:06:08,160 --> 00:06:10,350
you could paste that inside of your playbook.

90
00:06:10,350 --> 00:06:14,190
So you do not have to encrypt the entire playbook.