Quick start to Ansible Vault
Getting started with Ansible Vault is pretty easy.
As usual, there is no magic here: you keep the key in your head or in a file somewhere.
Keeping it in your head isn't very practical, because you are trying to automate tasks without human intervention, and either way you don't want to type that long key each time.
(You can use this method for any kind of file, Ansible or not, even a picture if you like.)
Now, if you DO want to type the pass-key each time, then skip this section.
Create the file with the key
Just create a file with the password inside, using vi or echo, like this:
echo "my_password" > "$HOME/.vault_pass"
The file name can be whatever you want, like “cakes”, “.boring”, etc.
Keep the file hidden on the hard disk using the normal Linux file permissions. Sounds pretty traditional, right? I think it is good enough: a weird file somewhere on the disk that only you and root know about.
Next, point Ansible at the file with an environment variable, set in your user profile ($HOME/.profile) or system-wide (/etc/environment), by adding:
export ANSIBLE_VAULT_PASSWORD_FILE="$HOME/.vault_pass"
This way, Ansible will automatically use it to encrypt and decrypt.
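The "normal file permissions" step above can be made explicit. The following is an added example, not part of the original article: it creates the key file owner-only from the start and audits an existing one. The function names and the temporary demo path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and paths are illustrative assumptions.

# Write a random 64-hex-character key to $1. The key never appears on a
# command line, so it does not end up in shell history or process listings.
create_vault_pass() {
    file=$1
    if [ -e "$file" ]; then
        echo "refusing to overwrite $file" >&2
        return 1
    fi
    (
        umask 077    # file is created 0600 from the start, no chmod window
        od -An -tx1 -N32 /dev/urandom | tr -d ' \n' > "$file"
        echo >> "$file"
    )
}

# Return 0 only if $1 looks safe to use as ANSIBLE_VAULT_PASSWORD_FILE.
check_vault_pass() {
    file=$1
    [ -f "$file" ] || { echo "$file: not a regular file" >&2; return 1; }
    [ -s "$file" ] || { echo "$file: empty" >&2; return 1; }
    perms=$(ls -ld -- "$file" | cut -c2-10)
    case $perms in
        rw-------|r--------) ;;
        # Ansible runs an executable password file as a script and uses its
        # output as the key, which is not what a plain key file intends.
        *x*) echo "$file: executable bit set ($perms)" >&2; return 1 ;;
        *) echo "$file: mode $perms is wider than owner-only" >&2; return 1 ;;
    esac
    # Ansible uses the whole file content as the key, so lines appended by
    # accident silently become part of it.
    lines=$(( $(wc -l < "$file") ))
    [ "$lines" -le 1 ] || { echo "$file: $lines lines, expected 1" >&2; return 1; }
}

# Demo in a constructed temporary directory (not a real key location).
demo_dir=$(mktemp -d)
create_vault_pass "$demo_dir/.vault_pass" &&
    check_vault_pass "$demo_dir/.vault_pass" &&
    echo "ok: key file passes the checks"
rm -rf "$demo_dir"
```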
Create, encrypt, view, and edit files
The next steps are very easy:
1.- create an encrypted file
ansible-vault create your_file
2.- encrypt an existing file
ansible-vault encrypt your_file
3.- view an encrypted file
ansible-vault view your_file
4.- edit an encrypted file
ansible-vault edit your_file
That’s all.
Refer to the Ansible documentation at https://docs.ansible.com/ansible/latest/user_guide/vault.html