How to specify sudo password in Ansible

Ansible is an open-source automation tool that simplifies the configuration management, application deployment, and task automation on multiple systems simultaneously. It is designed to be agentless, which means it doesn't require any software to be installed on the target machines. Instead, Ansible connects to the hosts using SSH and uses YAML-based scripts called playbooks to define the desired state of the system.

Ansible privilege management

In some cases, when running Ansible tasks, you may need elevated privileges on the target machine. The sudo password is required when you want to execute commands as a privileged user (usually root) using become feature.

Here's how you can specify a sudo password in Ansible:

Using --ask-become-pass option

When running your Ansible playbook or command, include the --ask-become-pass option. For example:

ansible-playbook main.yml --ask-become-pass
--ask-become-pass command

Note: The --ask-become-pass option tells Ansible to prompt you for the sudo password during execution.

Executable code

---
- name: Hello, World! Playbook
  hosts: localhost
  gather_facts: false

  tasks:
    - name: Print Hello, World!
      debug:
        msg: "Hello, World!"

Using a password file

To avoid entering the password interactively, you can store the sudo password in a file. This is useful for automation and scripting purposes. However, ensure you secure the password file properly since it contains sensitive information.

  1. Create a file (e.g., sudo_password.txt) and store the sudo password in it:

echo "your_sudo_password_here" > sudo_password.txt
Command to create a sudo_password.txt file

Note: Replace your_sudo_password_here with the actual sudo password you want to use.

  1. Set the permissions of the file to restrict access:

chmod 600 sudo_password.txt
Command to set restrict access

  1. Then, use the --ask-become-pass option with --become-password-file to reference the password file:

ansible-playbook main.yml --become-password-file=sudo_password.txt
Command to reference the password file

Now, Ansible will use the password from the specified file during the execution.

Executable code

---
- name: Hello, World! Playbook
  hosts: localhost
  gather_facts: false

  tasks:
    - name: Print Hello, World!
      debug:
        msg: "Hello, World!"

Keep in mind that storing passwords in plain text files may have security implications. Consider using password managers or other secure methods to handle sensitive data if possible. Also, in a more secure environment, consider using SSH keys for privilege escalation instead of passwords.

Conclusion

Ansible is an automation tool for configuration management, deployment, and task automation. To specify the sudo password, use --ask-become-pass interactively or --become-password-file with a password file. Secure sensitive data and consider SSH keys for better security.

New on Educative
Learn to Code
Learn any Language as a beginner
Develop a human edge in an AI powered world and learn to code with AI from our beginner friendly catalog
🏆 Leaderboard
Daily Coding Challenge
Solve a new coding challenge every day and climb the leaderboard

Free Resources

Copyright ©2025 Educative, Inc. All rights reserved