Ansible - Ansible Vault password file

The ansible-vault command can be used to perform a number of tasks.

Additionally, there are a few command line options to be aware of.


A vault password file can be used to provide the vault password when:


Create a file. The file can be named anything you want. The file doesn't have to be hidden, but often is.

touch .vault_password.txt


Ensure only the owner of the file can read and write to the file.

chmod 0600 .vault_password.txt


If you have a single password that is being used with every ansible-vault command, write your vault password to the file.

echo "itsasecret" > .vault_password.txt


If you have different passwords being used, append each key:value pair to the file.

echo "test:testpassword" >> .vault_password.txt
echo "prod:prodpassword" >> .vault_password.txt


You can then use the --vault-password-file command line option (if you are going to use the same password for all of the ansible-vault commands):

ansible-vault --vault-password-file /usr/local/vault/.vault_password.txt view foo.txt


Or use the --vault-id command line option (if you want to use different passwords):

ansible-vault create --vault-id test@/usr/local/ansible/vault/.vault_password.txt foo.txt
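
The touch, chmod and echo steps above can be combined so that the file is created with owner-only permissions from the start and the password is read from standard input instead of being typed on a command line, where it would end up in shell history. This is an added example, not part of the original page; the function names write_vault_password_file, file_mode and check_vault_password_file are hypothetical helpers.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the page or Ansible.

# Write one line read from stdin to the file named by $1.
# umask 077 makes the file 0600 at creation, so there is no window
# between "touch" and "chmod" in which other users could read it.
# set -C (noclobber) makes the redirect fail if the path already
# exists, so an existing file or symlink is never overwritten.
write_vault_password_file() {
    (
        umask 077
        set -C
        IFS= read -r password || [ -n "$password" ] || exit 1
        printf '%s\n' "$password" > "$1"
    )
}

# Print the octal permission bits of $1 (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if $1 is a regular file, is not a symlink, and grants
# nothing to group or others (mode 0600 or 0400).
check_vault_password_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case "$(file_mode "$1")" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}
```

Feed the password on standard input, for example from a password manager's output, and run check_vault_password_file before passing the path to --vault-password-file or --vault-id.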

