Skip to content

BZanten/ansible.bitlocker

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
defaults
defaults
 
 
handlers
handlers
 
 
library
library
 
 
meta
meta
 
 
tasks
tasks
 
 
vars
vars
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
.travis.yml
.travis.yml
 
 
README.md
README.md
 
 

Repository files navigation

Ansible Role: bitlocker

Build Status license Ansible Galaxy Ansible Role

Description

Enables BitLocker on your Windows machine.

Installation

ansible-galaxy install ansible.bitlocker

Requirements

  • Windows
    • Windows 8 or higher (tested on Windows 10),
    • Windows Server 2012 or higher.
  • TPM module 1.2 or higher

Role Variables

Variable Default Comments (type)
bitlocker_mount 'C:' The mountpoint (driveletter) of the volume to encrypt. This parameter will also support the values: 'All' (Encrypt all volumes), 'OS' (Encrypt the OS volume, typically C:), or 'Data' (Encrypt all non-OS volumes)
bitlocker_state enabled enabled or disabled
bitlocker_encryption XtsAes256 encryption algorithm
bitlocker_keyprotector RecoveryPasswordProtector Key protector to use: RecoveryPasswordProtector or TpmProtector. Note: only the Operating System volume can be protected with TPM, other volumes can be protected with a RecoveryPassword

TBD: The script will also try to backup the 'Recovery' KeyProtector to AD. This may become optional in a future version

Dependencies

  • No dependencies with other modules

Example Playbook

Example playbook using all defaults (will enable BitLocker on C:)

- hosts: all
  roles:
     - ansible.bitlocker

Example playbook using modified arguments

- hosts: Windows
  roles:
    - role: ansible.bitlocker
      bitlocker_encryption: "XtsAes256"
      bitlocker_mount: 'All'

Example playbook using variables

- hosts: Windows
  roles:
    - role: ansible.bitlocker
      vars:
        bitlocker_encryption: "XtsAes128"
        bitlocker_mount: 'C:'

Changelog

  • 1.0 Simon Bärlocher; Initial version
  • 2.0 Evi Vanoost; added BitLocker facts
  • 3.0 Ben van Zanten; moved values to vars, allow multiple volumes to be BitLockered Updated the BitLocker scripts to work with variables. Defaults are set in defaults\main.yml, variables are 'translated' in the Role file: tasks\main.yml from 'bitlocker_mount' to 'mount' in the included Module. Added new meta/argument_specs.yml to validate the parameters. Script can now BitLocker multiple volumes, where the C: drive is protected via a TPM, the other (data) volumes are unlocked via the C: drive. Script will also try to backup the recovery information to Active Directory

Author

License

This project is under the MIT License. See the LICENSE file for the full license text.

Copyright

  • (c) 2019, Simon Bärlocher
  • (c) 2020, Evi Vanoost
  • (c) 2021, Ben van Zanten

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • PowerShell 84.3%
  • Python 15.7%