Ansible - Ansible Vault password file

The ansible-vault command can be used to perform a number of tasks.

Additionally, there are a few command line options to be aware of.

 

A vault password file can be used to provide the vault password when:

 

Create a file. The file can be named anything you want. The file doesn't have to be hidden, but often is.

touch .vault_password.txt

 

Ensure only the owner of the file and create and write to the file.

chmod 0600 .vault_password.txt

 

If you have a single password that is being used with every ansible-vault command, append your vault password to the file.

echo "itsasecret" > .vault_password.txt

 

If you have different passwords being used, append each key:value pair to the file.

echo "test:testpassword" >> .vault_password.txt
echo "prod:prodpassword" >> .vault_password.txt

 

You can then use the --vault-password-file command line option (if you are going to use the same password for all of the ansible-vault commands) . . .

ansible-vault --vault-password-file /usr/local/vault/.vault_password.txt view foo.txt

 

Or the --vault-id command line option (if you want to use different passwords).

ansible-vault create --vault-id test@/usr/local/ansible/vault/.vault_password.txt foo.txt

 

Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.





Please enter 0320f in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |