Bootstrap FreeKB - Ansible - ANSIBLE_VAULT_PASSWORD_FILE environment variable
Ansible - ANSIBLE_VAULT_PASSWORD_FILE environment variable

Updated:   |  Ansible articles

If you are not familiar with the Ansible Vault, check out my article Getting Started with the Ansible Vault.

The ansible-vault command can be used to perform a number of tasks.

Additionally, there are a few command line options to be aware of.

  • --ask-vault-pass - prompt for the vault password
  • --vault-id - use a specific users password in a file
  • --vault-password-file - use a single password in a file


This assumes you have created the Ansible Vault password file. Let's say the password file is:



A vault password file can be used to provide the vault password when:


For example, you can view an encrypted file (foo.txt) by including the --vault-password-file command line option and you will not be prompted for the vault password.

ansible-vault --vault-password-file /usr/local/vault/.vault_password.txt view foo.txt


Instead of using the --vault-password-file command line option, you can use the ANSIBLE_VAULT_PASSWORD_FILE environment variable. The export command can be used to temporarily define the ANSIBLE_VAULT_PASSWORD_FILE environment variable.

However, this doesn't make much sense, because then you would have to issue the export command every time you connect to the Ansible system. Instead, you can permanently define the ANSIBLE_VAULT_PASSWORD_FILE environment variable in your users hidden .bash_profile file (e.g. /home/john.doe/.bash_profile).

export ANSIBLE_VAULT_PASSWORD_FILE=/usr/local/vault/.vault_password.txt


The echo command can be used to confirm the ANSIBLE_VAULT_PASSWORD_FILE environment variable contains the path to your vault password file.



Or, you could define vault_password_file in your users personal ansible.cfg (e.g. /home/john.doe/ansible.cfg).

vault_password_file = /home/john.doe/.vault_password.txt


And you should now be able to issue ansible-vault command without being prompted for the vault password and without having to use the --vault-password-file or --vault-id command line options.

ansible-vault view foo.txt


Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Add a Comment

Please enter cfec0b in the box below so that we can be sure you are a human.