Ansible - vault_password_file ansible.cfg

The ansible-vault command can be used to perform a number of tasks.

Additionally, there are a few command line options to be aware of.

  • --ask-vault-pass - prompt for the vault password
  • --vault-id - use a specific user's password in a file
  • --vault-password-file - use a single password in a file

 

This assumes you have created the Ansible Vault password file. Let's say the password file is:

/usr/local/vault/.vault_password.txt

 

A vault password file can be used to provide the vault password when:

 

You could define vault_password_file in an ansible.cfg in the same directory that the ansible-playbook command will be issued from, or in your user's personal ansible.cfg (e.g. /home/john.doe/.ansible.cfg).

AVOID TROUBLE

I can't think of any reason why you would ever want to define vault_password_file in the global /etc/ansible/ansible.cfg file. 

[defaults]
vault_password_file = /home/john.doe/.vault_password.txt

 

Then you can view an encrypted file (foo.txt) without having to include the --vault-password-file or --vault-id command line options.

ansible-vault view foo.txt

 

Or, for example, you can view an encrypted file (foo.txt) by including the --vault-password-file command line option, and you will not be prompted for the vault password.

ansible-vault view --vault-password-file /usr/local/vault/.vault_password.txt foo.txt
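
An added example, not part of the original article: a Python check that looks for vault_password_file in the ansible.cfg locations discussed above, flags a definition in the global /etc/ansible/ansible.cfg, and reports a password file that group or other users can access. The function name audit_cfg and the finding messages are assumptions of this example, as is resolving a relative path against the config file's directory.

```python
import configparser
import os
import stat

GLOBAL_CFG = "/etc/ansible/ansible.cfg"  # global config file named in the article
CANDIDATES = ["ansible.cfg", os.path.expanduser("~/.ansible.cfg"), GLOBAL_CFG]


def audit_cfg(cfg_path, global_cfg=GLOBAL_CFG):
    """Return findings about the vault_password_file setting in one ansible.cfg."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    if not parser.read(cfg_path):
        return []  # config file absent: nothing to audit
    pw_file = parser.get("defaults", "vault_password_file", fallback=None)
    if not pw_file:
        return []  # setting not defined in this file
    findings = []
    cfg_abs = os.path.abspath(cfg_path)
    if cfg_abs == global_cfg:
        findings.append("vault_password_file is set in the global config")
    # Assumption: a relative value is resolved against the config file's directory.
    pw_file = os.path.join(os.path.dirname(cfg_abs), os.path.expanduser(pw_file))
    try:
        mode = os.stat(pw_file).st_mode
    except OSError as exc:
        return findings + [f"cannot stat {pw_file}: {exc.strerror}"]
    if not stat.S_ISREG(mode):
        findings.append(f"{pw_file} is not a regular file")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{pw_file} is accessible to group/other "
                        f"(mode {stat.S_IMODE(mode):04o}); use chmod 600")
    if mode & stat.S_IXUSR:
        # Ansible runs an executable password file and reads the password from its stdout.
        findings.append(f"{pw_file} is executable: it will be run as a script")
    return findings


if __name__ == "__main__":
    for cfg in CANDIDATES:
        for finding in audit_cfg(cfg):
            print(f"{cfg}: {finding}")
```

Run it from the directory where ansible-playbook is issued; no output means none of the three config files produced a finding.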

 



Web design by yours truly - me, myself, and I   |   jeremy.canfield@freekb.net