The ansible-vault command can be used to perform a number of tasks.
Additionally, there are a few command line options to be aware of.
This assumes you have created the Ansible Vault password file. Let's say the password file is:
/usr/local/vault/.vault_password.txt
A vault password file can be used to provide the vault password when:
For example, you can view an encrypted file (foo.txt) by including the --vault-password-file command line option and you will not be prompted for the vault password.
ansible-vault --vault-password-file /usr/local/vault/.vault_password.txt view foo.txt
Or, let's say you are using the --ask-pass flag with the ansible-playbook command.
ansible-playbook foo.yml --ask-pass
In this example, .vault_password.txt would be an unencrypted cleartext file that contains the password used to make an SSH connection to the managed nodes.
ansible-playbook foo.yml --vault-password-file /usr/local/vault/.vault_password.txt
Or, you could instead use the --vault-id command line option.
ansible-vault --vault-id test@/usr/local/vault/.vault_password.txt view foo.txt
Or, you could define vault_password_file your users personal ansible.cfg (e.g. /home/john.doe/ansible.cfg).
vault_password_file = /home/john.doe/.vault_password.txt
Or, you could define the ANSIBLE_VAULT_PASSWORD_FILE environment variable in your user's hidden bash profile file (e.g. /home/john.doe/.bash_profile).
export ANSIBLE_VAULT_PASSWORD_FILE=/usr/local/vault/.vault_password.txt
And you should now be able to issue ansible-vault command without being prompted for the vault password and without having to use the --vault-password-file or --vault-id command line options.
ansible-vault view foo.txt