Tuesday, 24 November, 2020
Vagrant - Using Private Passwords in Configuration Files
How to Include Sensitive Credentials in Vagrant Files
A quick post today explaining how to keep secret, private credentials out of your Vagrant configuration files.
This is relevant when a Vagrant configuration has to include username and password information (if you don't wish to retype the password each time).
As an example, imagine running VirtualBox with a Hyper-V provider using an SMB file share and needing to share the Vagrant configuration file in source control.
An example Vagrant file, showing how to configure Vagrant to use an SMB file share on a www folder, is given below.
The username and password information are substituted with references to variables in an external Ruby module called Secrets, inside the vagrant_credentials.rb file; see the variables Secrets::SMB_User and Secrets::SMB_Password.
    # Load the Secrets module from a file that is kept out of source control.
    require_relative 'vagrant_credentials.rb'
    include Secrets

    Vagrant.configure("2") do |config|
      config.vm.provider "hyperv"
      config.vm.box = "generic/debian9"
      # ...
      # Credentials come from the Secrets module, not from literals in this file.
      config.vm.synced_folder "./www", "/var/www",
        type: "smb",
        smb_username: Secrets::SMB_User,
        smb_password: Secrets::SMB_Password,
        mount_options: ["nolock", "dir_mode=0777", "file_mode=0777"]
      # ...
    end
Because the username and password credentials are not included, the file can be shared and checked in to source control without exposing confidential information.
The vagrant_credentials.rb file, with sample credentials, is given below for completeness:
    module Secrets
      SMB_User = "Bob"           # sample username
      SMB_Password = "WasHere1"  # sample password
    end
This technique allows auto-filling of the username and password information without exposing them.
Take care not to leak the "secret" Ruby module; consider adding the module's filename to .gitignore and encrypting files on your disk if you have concerns.
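A check that could run before each commit, added here as an example and not part of the original post or of Vagrant: it reports when vagrant_credentials.rb is missing from .gitignore or when the Vagrantfile carries smb_username or smb_password as a string literal. The CredentialGuard module, its method names and the demo helper are hypothetical, and the sample project files are constructed.

```ruby
require 'tmpdir'

# Added example: hypothetical pre-commit style check (not part of Vagrant).
module CredentialGuard
  SECRETS_FILE = 'vagrant_credentials.rb'
  # smb_username: / smb_password: followed directly by a quoted string literal.
  LITERAL = /\bsmb_(?:username|password):\s*["']/

  # True if .gitignore names the secrets file on its own line (strict: globs are not accepted).
  def self.ignored?(dir)
    path = File.join(dir, '.gitignore')
    return false unless File.file?(path)
    File.readlines(path, chomp: true).map(&:strip)
        .any? { |l| l == SECRETS_FILE || l == "/#{SECRETS_FILE}" }
  end

  # Line numbers in the Vagrantfile where a credential is a string literal.
  def self.literal_lines(dir)
    path = File.join(dir, 'Vagrantfile')
    return [] unless File.file?(path)
    File.readlines(path).each_with_index
        .select { |line, _| line.sub(/#.*/, '') =~ LITERAL } # ignore comments
        .map { |_, i| i + 1 }
  end

  # Returns a list of human-readable problems; empty means safe to commit.
  def self.problems(dir)
    out = []
    out << "#{SECRETS_FILE} is not listed in .gitignore" unless ignored?(dir)
    literal_lines(dir).each { |n| out << "Vagrantfile:#{n} has a literal SMB credential" }
    out
  end
end

# Writes a constructed sample project to a temporary directory and checks it.
def demo(vagrantfile_body, gitignore_body)
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, 'Vagrantfile'), vagrantfile_body)
    File.write(File.join(dir, '.gitignore'), gitignore_body)
    CredentialGuard.problems(dir)
  end
end

if __FILE__ == $PROGRAM_NAME
  good = %(smb_username: Secrets::SMB_User,\nsmb_password: Secrets::SMB_Password,\n)
  bad  = %(smb_username: "Bob",\nsmb_password: "WasHere1",\n)
  p demo(good, "vagrant_credentials.rb\n") # constructed: constants + ignored file
  p demo(bad, ".vagrant/\n")               # constructed: literals, file not ignored
end
```

The .gitignore match is intentionally exact, so a project that ignores the file through a broader pattern would need that pattern added to the check.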