Encrypt files with Ansible Vault

From Knowledge Center
Jump to: navigation, search

Ansible Vault

The content of our file:

$ cat vars/users.yml
create_users:
  - name: me
    comment: "Ruan Bekker"
    uid: 1024
    group: users
    groups: "adm,dialout,sudo,audio,video,plugdev,games,input,netdev,spi,i2c,gpio"
    pubkey: "ssh-rsa AAAAxxxxxxx pi@rpi-00"

Encrypt the file with ansible vault:

$ ansible-vault encrypt vars/users.yml
New Vault password:
Confirm New Vault password:
Encryption successful

View the encrypted file:

$ head -2 vars/users.yml
$ANSIBLE_VAULT;1.1;AES256
38396135306466663162393861353762376630396263333330303164613831323836326232363530

To view the content:

$ ansible-vault view vars/users.yml

To edit the content of the file:

$ ansible-vault edit vars/users.yml

To decrypt the file:

$ ansible-vault decrypt vars/users.yml

To change the password:

$ ansible-vault rekey vars/users.yml

Using ansible with a password file:

- https://www.digitalocean.com/community/tutorials/how-to-use-vault-to-protect-sensitive-ansible-data-on-ubuntu-16-04