Bootstrap FreeKB - Ansible - ansible-vault edit command
Ansible - ansible-vault edit command

Updated:   |  Ansible articles

The ansible-vault command can be used to perform a number of tasks.

Additionally, there are a few command line options to be aware of.


The ansible-vault edit command can be used to edit a file that has been encrypted by the ansible-vault command. Let's say vault.yml is encrypted.

Before editing the file, you'll want to determine if the file was encrypted using a certain vault it. In this example, the file was encrypted using the "test" id.

~]$ cat vault.yml


The following command can be used to edit vault.yml.

ansible-vault edit vault.yml


You will be prompted for the vault password.

Vault password:


Or, to avoid being prompted for the vault password, if the file is not associated with a vault id, the --vault-password-file command line option can be used.

ansible-vault edit --vault-password-file /usr/local/ansible/vault/.vault_password.txt vault.yml


If the file is associated with a vault id, the --vault-id command line option can be used.

ansible-vault edit --vault-id test@/usr/local/ansible/vault/.vault_password.txt vault.yml


Or you could set the vault_password_file directive in your ansible.cfg file.

vault_password_file = /usr/local/ansible/vault/.vault_password.txt


In this scenario, you wouldn't need to use any of the vault password command line options (--ask-vault-pass--vault-password-file--vault-id).

ansible-vault edit vault.yml


After providing the valid vault password, the file will open in your default editor, and you will be able to modify the file.


Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Add a Comment

Please enter 1611c4 in the box below so that we can be sure you are a human.