Ansible - ansible-vault decrypt command

The ansible-vault command can be used to perform a number of tasks.

Additionally, there are a few command line options to be aware of.

 

The ansible-vault decrypt command is used to decrypt a file that was encrypted by the ansible-vault command. Let's say foo.txt was encrypted by the ansbile-vault command.

Before decrypting the file, you'll want to determine if the file was encrypted using a certain vault id. In this example, the file was encrypted using the "test" id.

~]$ cat foo.txt
$ANSIBLE_VAULT;1.2;AES256;test
38626262613533326438383838363032346366643231633838393661633061633830383832643062
6666663233666435636165323038653462343732343264310a616532376238616537613832363565
63336561303230626332326436303830356335343061386333636131386435316633396464353832
3631303831333164610a393266346630313635313831626639303961663330333736393236373032
3062

 

The following command will decrypt the file.

ansible-vault decrypt foo.txt

 

You will be prompted to for the vault password.

Vault password:

 

Or, to avoid being prompted for the vault password, if the file is not associated with a vault id, the --vault-password-file command line option can be used.

ansible-vault decrypt --vault-password-file /usr/local/vault/.vault_password.txt foo.txt

 

If the file is associated with a vault id, the --vault-id command line option can be used.

ansible-vault decrypt --vault-id test@/usr/local/ansible/vault/.vault_password.txt foo.txt

 

If the file was successful decrypted, the following will be displayed.

Decryption successful


 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.





Please enter 9c4aa in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |