Ansible - ansible-vault rekey command (change password)

The ansible-vault command can be used to perform a number of tasks.

Additionally, there are a few command line options to be aware of.

 

The ansible-vault rekey command can be used to change the vault password of a file that was encrypted by the ansible-vault command.

AVOID TROUBLE

If you use the ansible-vault rekey command to change the password of a vault-encrypted file, the content of the vault-encrypted file will change, so any playbook that uses the content of the encrypted file will need to be updated with the new encrypted string.

If the vault_password_file directive in ansible.cfg is being used to get the vault password from a file, you will not be prompted for the new vault password when attempting to rekey the vault-encrypted file, which is probably not what you want. In this scenario, you can use the --ask-vault-pass option, comment out the vault_password_file directive in ansible.cfg, or update the vault password file to contain the new password being used in the rekey.

Let's say foo.yml is encrypted. The following command will change the vault password of foo.yml.

ansible-vault rekey foo.yml

 

You will be prompted for the current vault password.

Vault password:

 

After providing the current vault password, you will be prompted to create the new vault password.

New Vault password:

 

After providing the new vault password, the following will be displayed.

Rekey successful
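The following pre-flight check is an added example, not part of the original article. It reports whether a file is vault encrypted and whether a vault password file is configured, which is the vault_password_file situation described under AVOID TROUBLE. The function names and sample paths are hypothetical, the path to ansible.cfg is passed as an argument, and only the "key = value" form of the directive is handled.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before `ansible-vault rekey FILE`.
# Function names are hypothetical; they are not part of Ansible.

# Succeeds if FILE starts with the vault header, e.g. $ANSIBLE_VAULT;1.1;AES256
is_vault_file() {
    head -n 1 "$1" 2>/dev/null | grep -q '^\$ANSIBLE_VAULT;'
}

# Prints the configured vault password file, taken from the
# ANSIBLE_VAULT_PASSWORD_FILE environment variable or from the last
# uncommented vault_password_file line in CFG. Fails if neither is set.
configured_password_file() {
    if [ -n "${ANSIBLE_VAULT_PASSWORD_FILE:-}" ]; then
        printf '%s\n' "$ANSIBLE_VAULT_PASSWORD_FILE"
        return 0
    fi
    [ -f "$1" ] || return 1
    sed -n 's/^[[:space:]]*vault_password_file[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" |
        tail -n 1 | grep .
}

# Usage: rekey_preflight FILE [CFG]
# Prints "ok" (return 0), "not-encrypted" (return 1), or
# "password-file:PATH" (return 2) when a password file is configured.
rekey_preflight() {
    file=$1
    cfg=${2:-ansible.cfg}
    if ! is_vault_file "$file"; then
        echo "not-encrypted"
        return 1
    fi
    if pf=$(configured_password_file "$cfg"); then
        echo "password-file:$pf"
        return 2
    fi
    echo "ok"
}

# Writes constructed sample files into DIR (hex line is filler, not ciphertext).
make_samples() {
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '30313233343536373839' > "$1/foo.yml"
    printf 'greeting: hello\n' > "$1/plain.yml"
    printf '[defaults]\nvault_password_file = /usr/local/vault/.vault_pass\n' > "$1/with_file.cfg"
    printf '[defaults]\n#vault_password_file = /usr/local/vault/.vault_pass\n' > "$1/commented.cfg"
}
```

A result of password-file:PATH means the prompts shown above may not appear, so decide how the new password will be supplied before running the rekey.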

 


Refer to this article for the steps on how to configure passwordless authentication with the ansible-vault command.




Web design by yours truly - me, myself, and I   |   jeremy.canfield@freekb.net