Ansible vault / password encrytion

ansible-vault

• create: open a file and encrypt it when close
• decrypt
• edit
• view
• encrypt: encrypt a file or variable
• rekey: reencrypt

Add option –vault-password-file <filename_not_encrypt> to prevent asking password

ansible vault

vaultID: multi-password

ansible-vault encrypt --vault-id pwd.txt group_vars/all/vault.txt

ansible-vault encrypt --vault-id @prompt group_vars/all/vault.txt

ansible -i "127.0.0.1," all --vault-id pwd.txt -m debug -a "msg='{{mysecret}}'"

Now add a specific ID (;id1) into the vaulting file
$ANSIBLE_VAULT;1.1;AES256;id1

ansible -i "127.0.0.1," all --vault-id id1@pwd.txt -m debug -a "msg='{{mysecret}}'"

Variables used by ansible cfg

ansible_user
ansible_password