====== Ansible vault / password encrytion ======

ansible-vault
  * create: open a file and encrypt it when close
  * decrypt
  * edit
  * view
  * encrypt: encrypt a file or variable
  * rekey: reencrypt

Add option --vault-password-file <filename_not_encrypt> to prevent asking password



ansible vault

vaultID: multi-password
<code>
ansible-vault encrypt --vault-id pwd.txt group_vars/all/vault.txt

ansible-vault encrypt --vault-id @prompt group_vars/all/vault.txt

ansible -i "127.0.0.1," all --vault-id pwd.txt -m debug -a "msg='{{mysecret}}'"

Now add a specific ID (;id1) into the vaulting file
$ANSIBLE_VAULT;1.1;AES256;id1

ansible -i "127.0.0.1," all --vault-id id1@pwd.txt -m debug -a "msg='{{mysecret}}'"
</code>


Variables used by ansible cfg
  ansible_user
  ansible_password