Tuesday, 24 November, 2020

Vagrant - Using Private Passwords in Configuration Files

How to Include Sensitive Credentials in Vagrant Files


A quick post today explaining how to keep secret, private, credentials out of your Vagrant configuration files.

This is relevant when configuring Vagrant and it's necessary to include username and password information (if you don't wish to retype the password each time).

Example Scenario

As an example, imagine running VirtualBox with a Hyper-V provider using an SMB file share and needing to share the Vagrant configuration file in source control.

An example Vagrant file, showing how to configure Vagrant to use an SMB file share on a www folder is given below.

The username and password information are substituted with references to variables in an external Ruby module called Secrets, inside the vagrant_credentials.rb file; see the variables Secrets::SMB_User and Secrets::SMB_Password respectively.

require_relative 'vagrant_credentials.rb'
include Secrets

Vagrant.configure("2") do |config|
    config.vm.provider "hyperv"
    config.vm.box = "generic/debian9"

    # ...

    config.vm.synced_folder "./www", "/var/www", type: "smb", smb_username:smb_password:Secrets::SMB_User, smb_password:Secrets::SMB_Password, mount_options: ["nolock", "dir_mode=0777", "file_mode=0777"]

    # ...

Because the username and password credentials are not included the file can be shared and checked in to source control without exposing confidential information.

An example vagrant_credentials.rb file with sample credentials is given below for completeness:

module Secrets
    SMB_Password = "Bob"
    SMB_Password = "WasHere1"


This technique allows auto-filling of the username and password information without exposing them.

Take care not to leak the "secret" Ruby module; consider adding the module's filename to .gitignore and encrypting files on your disk if you have concerns.

Want to Thank Me?

Did you like the article? Was it helpful? If so why not buy me a coffee using Paypal? Buy me a coffee at https://www.paypal.me/justaguycoding