Designing Cisco Data Center Infrastructure (DCID) — Question 171

An engineer needs to configure multiple network devices using Ansible. Device passwords must meet these requirements:
• be stored securely
• not be visible as plaintext
• be available to Ansible playbooks for executing scripts

Which solution must the engineer choose?

Answer options

• A. Encrypt a password variable file using Ansible Vault.
• B. Store the passwords within a Git repository Secrets Manager.
• C. Encrypt passwords as Ansible environment variables.
• D. Encrypt the passwords within the Ansible inventory file.

Correct answer: A

Explanation

The correct answer is A because Ansible Vault allows for secure encryption of sensitive information, such as passwords, ensuring they are not visible as plaintext and can be used in playbooks. The other options either do not provide adequate security or do not integrate directly with Ansible's functionality for script execution.