We have seen an extensive number of features from Ansible that are very useful to any DevOps engineer wanting to automate tasks in any IT department.
There is one design challenge with Ansible, and it is the fact that the playbooks are run from your own computer against remote servers, as shown in the following figure:
This can be a problem because, as you are aware by now, Ansible uses secrets (ansible-vault secrets) and, potentially, some sensitive information that can be intercepted or stolen from a workstation. This is not a problem in Chef or Puppet, as they follow the bastion host approach, but it might make companies reluctant to choose Ansible.
One solution comes from Red Hat under the name Ansible Tower. This software is installed in your IT infrastructure (in this case, Google Cloud Platform) and offers a UI that is operated in the same way as a CI server, enabling role-based access control to Ansible playbooks as well as a security layer that is not...