DragonFly On-Line Manual Pages
ANSIBLE-VAULT(1) System administration commands ANSIBLE-VAULT(1)
NAME
ansible-vault - encryption/decryption utility for Ansible data files
SYNOPSIS
ansible-vault [create|decrypt|edit|encrypt|encrypt_string|rekey|view]
[options] [vaultfile.yml]
DESCRIPTION
can encrypt any structured data file used by Ansible. This can include
group_vars/ or host_vars/ inventory variables, variables loaded by
include_vars or vars_files, or variable files passed on the ansible-
playbook command line with -e @file.yml or -e @file.json. Role
variables and defaults are also included!
Because Ansible tasks, handlers, and other objects are data, these can
also be encrypted with vault. If you'd like to not expose what
variables you are using, you can keep an individual task file entirely
encrypted.
The password used with vault currently must be the same for all files
you wish to use together at the same time.
COMMON OPTIONS
--ask-vault-pass
ask for vault password
--new-vault-id NEW_VAULT_ID
the new vault identity to use for rekey
--new-vault-password-file
new vault password file for rekey
--vault-id
the vault identity to use
--vault-password-file
vault password file
--version
show program's version number and exit
-h, --help
show this help message and exit
-v, --verbose
verbose mode (-vvv for more, -vvvv to enable connection debugging)
ACTIONS
encrypt
encrypt the supplied file using the provided vault secret
--output
output file name for encrypt or decrypt; use - for stdout
rekey
re-encrypt a vaulted file with a new secret, the previous secret is
required
encrypt_string
encrypt the supplied string using the provided vault secret
-p, --prompt
Prompt for the string to encrypt
-n, --name
Specify the variable name
--output
output file name for encrypt or decrypt; use - for stdout
--stdin-name ENCRYPT_STRING_STDIN_NAME
Specify the variable name for stdin
edit
open and decrypt an existing vaulted file in an editor, that will
be encryped again when closed
create
create and open a file in an editor that will be encryped with the
provided vault secret when closed
decrypt
decrypt the supplied file using the provided vault secret
--output
output file name for encrypt or decrypt; use - for stdout
view
open, decrypt and view an existing vaulted file using a pager using
the supplied vault secret
ENVIRONMENT
The following environment variables may be specified.
ANSIBLE_CONFIG -- Override the default ansible config file
Many more are available for most options in ansible.cfg
FILES
/usr/local/etc/ansible/ansible.cfg -- Config file, used if present
~/.ansible.cfg -- User config file, overrides the default config if
present
AUTHOR
Ansible was originally written by Michael DeHaan. See the AUTHORS file
for a complete list of contributors.
COPYRIGHT
Copyright (C) 2017 Red Hat, Inc | Ansible. Ansible is released under
the terms of the GPLv3 License.
SEE ALSO
ansible(1), ansible-config(1), ansible-console(1), ansible-doc(1),
ansible-galaxy(1), ansible-inventory(1), ansible-playbook(1),
ansible-pull(1),
Extensive documentation is available in the documentation site:
http://docs.ansible.com. IRC and mailing list info can be found in file
CONTRIBUTING.md, available in: https://github.com/ansible/ansible
Ansible 2.4.2.0 11/29/2017 ANSIBLE-VAULT(1)