The ansible-vault command can be used to perform a number of tasks.
Additionally, there are a few command line options to be aware of.
A vault password file can be used to provide the vault password when:
Create a file. The file can be named anything you want. The file doesn't have to be hidden, but often is.
Ensure only the owner of the file and create and write to the file.
chmod 0600 .vault_password.txt
If you have a single password that is being used with every ansible-vault command, append your vault password to the file.
echo "itsasecret" > .vault_password.txt
If you have different passwords being used, append each key:value pair to the file.
echo "test:testpassword" >> .vault_password.txt echo "prod:prodpassword" >> .vault_password.txt
You can then use the --vault-password-file command line option (if you are going to use the same password for all of the ansible-vault commands) . . .
ansible-vault --vault-password-file /usr/local/vault/.vault_password.txt view foo.txt
Or the --vault-id command line option (if you want to use different passwords).
ansible-vault create --vault-id test@/usr/local/ansible/vault/.vault_password.txt foo.txt