In this article we are going to cover How to use Ansible Vault?
Ansible Vault is a feature of Ansible that allows users to encrypt sensitive data such as passwords, SSH keys, and other secrets. This encrypted data can then be safely used within Ansible playbooks, templates, and variable files without exposing sensitive content in plain text.

Some key features and concepts related to Ansible Vault include:

  1. Encryption and Decryption: Ansible Vault can encrypt any structured data file used by Ansible. Once encrypted, the content of the file can only be viewed or edited by providing the correct vault password.
  2. Vault Password: To encrypt or decrypt data, Ansible Vault requires a password. This password can be provided interactively, from a file, or from a script.
  3. Multiple Vaults: Starting from Ansible version 2.4, users can use multiple vault passwords, allowing for different levels of access to different files.

Ansible Vault Examples:

Example1: How to check the version of ansible-vault command on Linux ?

amaster@Rushi-Infotech:~$ ansible-vault --version

Output in Terminal:

Example2: How to Create an Encrypted File Using ansible-vault command

1. Creating a New Encrypted File

To create a new encrypted file named secrets.yml:

amaster@Rushi-Infotech:~$ ansible-vault create secrets.yml

2.Encrypting an existing plaintext file:

To encrypt file an existing file use below command

amaster@Rushi-Infotech:~$ ansible-vault encrypt plain.yml

3.Decrypting an encrypted file:

amaster@Rushi-Infotech:~$ ansible-vault decrypt secrets.yml

4. How to manage the encryption password:

amaster@Rushi-Infotech:~$ ansible-vault rekey secrets.yml

5.Editing an Encrypted File:

To edit an already encrypted file:

amaster@Rushi-Infotech:~$ ansible-vault edit secrets.yml

You’ll be prompted for the vault password. The file will be decrypted for editing, then re-encrypted upon saving and exiting the editor.

6.Using Encrypted Files in Playbooks

To use an encrypted file in a playbook, you can execute the ansible-playbook command with the --ask-vault-pass flag:

amaster@Rushi-Infotech:~$ ansible-playbook my_playbook.yml --ask-vault-pass


In this article we have covered How to use Ansible Vault.

Related Articles:

Real Time Scenerios Ansible playbooks with labs


Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *