table of contents
ANSIBLE-VAULT(1) | System administration commands | ANSIBLE-VAULT(1) |
NAME¶
ansible-vault - encryption/decryption utility for Ansible data files
SYNOPSIS¶
- usage: ansible-vault [-h] [--version] [-v]
- {create,decrypt,edit,view,encrypt,encrypt_string,rekey} ...
DESCRIPTION¶
can encrypt any structured data file used by Ansible. This can include group_vars/ or host_vars/ inventory variables, variables loaded by include_vars or vars_files, or variable files passed on the ansible-playbook command line with -e @file.yml or -e @file.json. Role variables and defaults are also included!
Because Ansible tasks, handlers, and other objects are data, these can also be encrypted with vault. If you'd like to not expose what variables you are using, you can keep an individual task file entirely encrypted.
COMMON OPTIONS¶
--version
-h, --help
-v, --verbose
ACTIONS¶
- create
- create and open a file in an editor that will be encrypted with the
provided vault secret when closed
--ask-vault-password, --ask-vault-pass
--encrypt-vault-id 'ENCRYPT_VAULT_ID'
--vault-id
--vault-password-file, --vault-pass-file
- decrypt
- decrypt the supplied file using the provided vault secret
--ask-vault-password, --ask-vault-pass
--output 'OUTPUT_FILE'
--vault-id
--vault-password-file, --vault-pass-file
- edit
- open and decrypt an existing vaulted file in an editor, that will be
encrypted again when closed
--ask-vault-password, --ask-vault-pass
--encrypt-vault-id 'ENCRYPT_VAULT_ID'
--vault-id
--vault-password-file, --vault-pass-file
- view
- open, decrypt and view an existing vaulted file using a pager using the
supplied vault secret
--ask-vault-password, --ask-vault-pass
--vault-id
--vault-password-file, --vault-pass-file
- encrypt
- encrypt the supplied file using the provided vault secret
--ask-vault-password, --ask-vault-pass
--encrypt-vault-id 'ENCRYPT_VAULT_ID'
--output 'OUTPUT_FILE'
--vault-id
--vault-password-file, --vault-pass-file
- encrypt_string
- encrypt the supplied string using the provided vault secret
--ask-vault-password, --ask-vault-pass
--encrypt-vault-id 'ENCRYPT_VAULT_ID'
--output 'OUTPUT_FILE'
--show-input
--stdin-name 'ENCRYPT_STRING_STDIN_NAME'
--vault-id
--vault-password-file, --vault-pass-file
-n, --name
-p, --prompt
- rekey
- re-encrypt a vaulted file with a new secret, the previous secret is
required
--ask-vault-password, --ask-vault-pass
--encrypt-vault-id 'ENCRYPT_VAULT_ID'
--new-vault-id 'NEW_VAULT_ID'
--new-vault-password-file 'NEW_VAULT_PASSWORD_FILE'
--vault-id
--vault-password-file, --vault-pass-file
ENVIRONMENT¶
The following environment variables may be specified.
ANSIBLE_CONFIG -- Specify override location for the ansible config file
Many more are available for most options in ansible.cfg
For a full list check https://docs.ansible.com/. or use the ansible-config command.
FILES¶
/etc/ansible/ansible.cfg -- Config file, used if present
~/.ansible.cfg -- User config file, overrides the default config if present
./ansible.cfg -- Local config file (in current working directory) assumed to be 'project specific' and overrides the rest if present.
As mentioned above, the ANSIBLE_CONFIG environment variable will override all others.
AUTHOR¶
Ansible was originally written by Michael DeHaan.
COPYRIGHT¶
Copyright © 2018 Red Hat, Inc | Ansible. Ansible is released under the terms of the GPLv3 license.
SEE ALSO¶
ansible (1), ansible-config (1), ansible-console (1), ansible-doc (1), ansible-galaxy (1), ansible-inventory (1), ansible-playbook (1), ansible-pull (1),
Extensive documentation is available in the documentation site: <https://docs.ansible.com>. IRC and mailing list info can be found in file CONTRIBUTING.md, available in: <https://github.com/ansible/ansible>
Ansible 2.14.14 |