Ansible Vault is a feature of Ansible that allows you to keep sensitive data such as passwords or keys in encrypted files, rather than as plaintext in playbooks or roles. These vault files can then be distributed or placed in source control.
encrypt a file using ansible-vault
I created a vars file to test the ansible-vault command:

    port: 443
    greeting: "greeting from vars file"
    ansible_user: pi

The ansible-vault command:

    ansible-vault encrypt filename

Encrypt YAML file

    anna@ansible-controller:~/Desktop/ansible-code/inventory/ansible-vault/vars-file$ ansible-vault encrypt vars.yml
    New Vault password:
    Confirm New Vault password:
    Encryption successful


    port: 443
    greeting: "greeting from vars file"
    ansible_user: pi

Other commands:

    ansible-vault view filename

View a vault-encrypted file after entering the password.

    ansible-vault edit filename

Edit a vault-encrypted file with the password, without having to decrypt and re-encrypt it.
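
Because vault files are meant to be safe to place in source control, it is worth confirming that a vars file really was encrypted before it is committed. The following is an added example, not code from the original post: it inspects the envelope that `ansible-vault encrypt` writes (a `$ANSIBLE_VAULT;<version>;<cipher>` header line followed by hex text) without needing the password. The function names and sample contents are constructed for illustration, and it assumes only format versions 1.1 and 1.2.

```python
import re
import string

# Header line written by ansible-vault: $ANSIBLE_VAULT;<version>;<cipher>[;<vault-id>]
HEADER_RE = re.compile(r"^\$ANSIBLE_VAULT;(1\.[12]);([A-Z0-9]+)(?:;(\S+))?$")


def inspect_vault_text(text):
    """Return a dict describing the vault envelope, or None if text is not vaulted."""
    lines = text.strip().splitlines()
    if not lines:
        return None
    match = HEADER_RE.match(lines[0].strip())
    if match is None:
        return None
    version, cipher, vault_id = match.groups()
    # Format 1.1 has no vault-id field; format 1.2 always carries one.
    if (version == "1.2") != (vault_id is not None):
        return None
    payload = "".join(line.strip() for line in lines[1:])
    # The body is hex text; anything else means a truncated or hand-edited file.
    if not payload or len(payload) % 2 or set(payload) - set(string.hexdigits):
        return None
    return {"version": version, "cipher": cipher, "vault_id": vault_id,
            "payload_bytes": len(payload) // 2}


def unencrypted_files(files):
    """files maps path -> content. Return the paths that are not vault-encrypted."""
    return sorted(path for path, content in files.items()
                  if inspect_vault_text(content) is None)


# Constructed sample inputs: the plaintext vars file from this page, and two
# made-up vault envelopes (the hex payload is filler, not real ciphertext).
PLAINTEXT = 'port: 443\ngreeting: "greeting from vars file"\nansible_user: pi\n'
VAULTED_11 = "$ANSIBLE_VAULT;1.1;AES256\n" + "36" * 40 + "\n" + "61" * 24 + "\n"
VAULTED_12 = "$ANSIBLE_VAULT;1.2;AES256;dev\n" + "33" * 40 + "\n"

if __name__ == "__main__":
    staged = {"vars.yml": PLAINTEXT, "prod.yml": VAULTED_11, "dev.yml": VAULTED_12}
    for path in unencrypted_files(staged):
        print(f"{path}: not vault-encrypted, refusing to commit")
```

This only checks that the file is wrapped in a well-formed vault envelope; it does not prove the content decrypts with any particular password.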
argument --ask-vault-pass
After encrypting the vars file, I am going to print the variable "ansible_user" from the vars file. The following is the playbook:

    tasks:
      - name:
        debug:
          msg: "{{ ansible_user }}"

Because the vars file is encrypted, the playbook can't read it without the password.

    anna@ansible-controller:~/Desktop/ansible-code/inventory/ansible-vault$ ansible-playbook site.yml
    ERROR! Attempting to decrypt but no vault secrets found

So I need to give the argument --ask-vault-pass after the ansible-playbook command to let the user input the password to decrypt the file.
PLAY [test ansible vault] **********************************************************************************************************************************************************************************************************************