Hide my password in Ansible Playbook

cn flag

I would like to run mysqldump in the Ansible playbook by the shell module. Trying to find a way to hide my MySQL root password in the ansible playbook or Ubuntu.

I currently have a file that was encrypted by ansible-vault to store my mysql root password then I can call the password as a variable in the playbook. But I would like crontab to run my ansible-playbook every day. So it is impossible to enter the vault password manually. I found ansible-vault can create a Vault Password File to store the vault password then we don't have to manually type the password when we run the ansible-playbook. But the content in the Vault Password File is still plain-text.......

How do I fully hide my password in the Ansible playbook and my Ubuntu system?

I am very new to Ansible, any help is appreciated!

in flag

That's not possible. At some point you need to store something that allows you to decrypt the password.

Use credentials that are generated specifically for this process, no personal credentials.
Restrict access to the password file to people who have to use it. There is nothing more you can do.

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.