Ansible Vault
Page content
Prepare: a password file
Create a simple password file.
In this post, I store it at ~/.ansible_vault_password.
How to use
Here are the simple snippets:
# Make encrypted file and start editing
ansible-vault create --vault-password-file ~/.ansible_vault_password ./foo.key
# Edit encrypted file
ansible-vault edit --vault-password-file ~/.ansibe_vault_password ./foo.key
# Encrypt original file
ansible-vault encrypt --vault-password-file ~/.ansible_vault_password ./foo.key
Tips
- Ansible-vault usees AES as its encryption algorithm.
- You can use executable file as a password file (don’t forget to add executable permission, unless you’ll get a HMAC error (you can check by appending
-vvvvoption).