In this chapter, you learned how to secure the data passed to the playbooks using Ansible-vault. We started with the need to encrypt data, how the vault works, and which cipher it uses. We then started to dive into the Ansible-vault utility and basic operations such as creating encrypted files, decrypting, rekeying, and so on. You also learned how to encrypt existing files by running Ansible-vault on the vars
file holding the database credentials. Finally, we added SSL support to Nginx and you learned how to securely store private keys and certificates for the web server using the vault and copying them using templates. Note that Ansible vault offers a way to provide data to Ansible modules securely. In addition to using the vault, additional system security measures are advised that do not come under the purview of this text.
After learning about vault, in the next chapter, we will start learning about the various approaches to managing multiple environments such as development,...