Ansible Vault¶
This feature of Ansible allows you to keep your sensitive data encrypted like passwords and keys.
- Ansible provide a command line tool ansible-vault for edit sensitive files.
- When you run a playbook then command line flag -ask-vault-pass or -vault-password-file can be used.
- Vault can encrypt any structured data file used by Ansible.
Create Encrypted File¶
ansible-vault create foo.yml
Edit Encrypted File¶
ansible-vault edit foo.yml
Rekeying Encrypted File¶
ansible-vault rekey foo.yml
View Content of Encrypted File¶
ansible-vault view foo.yml
Running a playbook with vault¶
ansible-playbook site.yml --ask-vault-pass
ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt
ansible-playbook site.yml --vault-password-file ~/.vault_pass.py