Bootstrap FreeKB - Ansible - ansible-vault view command
Ansible - ansible-vault view command

Updated:   |  Ansible articles

The ansible-vault command can be used to perform a number of tasks.

Additionally, there are a few command line options to be aware of.


Let's say you used the ansible-vault create command to create vault.yml, and vault.yml contains "Hello World".

The ansible-vault view command is used to view the content of a file that was encrypted by the ansible-vault createansible-vault edit or ansible-vault encrypt command.

Before viewing the file, you'll want to determine if the file was encrypted using a certain vault id. In this example, the file was encrypted using the "test" id.

~]$ cat vault.yml


The following command will view the file.

ansible-vault view vault.yml


You will be prompted to for the vault password.

Vault password:


After providing the valid vault password, the content of the encrypted file will be displayed.

Hello World


Or, to avoid being prompted for the vault password, if the file is not associated with a vault id, the --vault-password-file command line option can be used.

ansible-vault view --vault-password-file /usr/local/ansible/vault/.vault_password.txt vault.yml


If the file is associated with a vault id, the --vault-id command line option can be used.

ansible-vault view --vault-id test@/usr/local/ansible/vault/.vault_password.txt vault.yml


Or you could set the vault_password_file directive in your ansible.cfg file.

vault_password_file = /usr/local/ansible/vault/.vault_password.txt


In this scenario, you wouldn't need to use any of the vault password command line options (--ask-vault-pass--vault-password-file--vault-id).

ansible-playbook example.yml


In a playbook, the shell module could be used to invoke the ansible-vault command. In this example, the register parameter is used to store the output in the "out" variable and the debug module could be used to validate that the "out" variable contains the plain text content of vault.yml.

- hosts: localhost
  - shell: "ansible-vault view vault.yml"
    register: out

  - debug: 
      var: out


Which should output something like this.

ok: [localhost] => {
    "msg": "Hello World"


Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Add a Comment

Please enter 1d24e5 in the box below so that we can be sure you are a human.