Ansible vault

From wikinotes

You can store your passwords both encrypted and separately from the rest of your information so that it is safe to share with others, or to use in version control.

These encrypted files can be used by the playbook either by:

  • include_vars/vars_files keywords
  • variables passed to ansible on the command line with ``ansible -e @file.yml``
  • role variables/defaults files

## Ansible uses the PyCrypto module for encryption, which is slow;
## speed things up by installing the cryptography module
sudo pip2 install cryptography

Creating New Encrypted File

ansible-vault create   my-encrypted-file.yml     ## create a new encrypted file
ansible-vault edit     my-encrypted-file.yml     ## edit an encrypted file in place
ansible-vault rekey    my-encrypted-file.yml     ## change the vault password on an encrypted file

ansible-vault encrypt  my-regular-file.yml       ## encrypt an existing plaintext file
ansible-vault decrypt  my-encrypted-file.yml     ## decrypt an encrypted file

Using Encrypted Files

# if the playbook includes encrypted files,
# run your site.yml with the following flag (prompts for the vault password)
ansible-playbook site.yml \
    --ask-vault-pass

# read the vault password from a file (keep it chmod 400 so only you can read it)
ansible-playbook site.yml \
    --vault-password-file \
    ~/mypass.txt
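Two things go wrong in practice with the workflow above: a vars file gets committed before anyone ran ``ansible-vault encrypt`` on it, and the password file handed to ``--vault-password-file`` ends up group- or world-readable. The script below is an added example (not from this wiki page or from the Ansible project) that checks for both; it only relies on the ``$ANSIBLE_VAULT;`` header that ansible-vault writes at the top of every encrypted file, so it runs without Ansible installed. The file names and the ``vault.yml`` naming convention in the demo are assumptions.

```shell
#!/bin/sh
# Added example: defensive checks around ansible-vault usage.
# Assumption: encrypted files are kept under a recognisable name such as
# group_vars/<group>/vault.yml (a common convention, not something Ansible mandates).

# Returns 0 if the file starts with the Ansible vault header, 1 otherwise.
# Every file produced by `ansible-vault encrypt`/`create` begins with "$ANSIBLE_VAULT;".
is_vaulted() {
    [ -f "$1" ] || return 1
    head -c 15 "$1" 2>/dev/null | grep -q '^\$ANSIBLE_VAULT;'
}

# Returns 0 if the vault password file is readable by its owner only (mode 400 or 600).
# Tries GNU stat first, then BSD/macOS stat.
password_file_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    case "$mode" in
        400|600) return 0 ;;
        *)       return 1 ;;
    esac
}

# Reports every file that should be vaulted but is still plaintext.
# Returns 1 if at least one such file exists (suitable for a pre-commit hook).
check_vault_files() {
    rc=0
    for f in "$@"; do
        if ! is_vaulted "$f"; then
            echo "NOT ENCRYPTED: $f" >&2
            rc=1
        fi
    done
    return $rc
}

# Demo with constructed files (not real secrets): one vaulted file, one plaintext
# file that someone forgot to encrypt, and a password file with the right mode.
demo_dir=$(mktemp -d)
printf '$ANSIBLE_VAULT;1.1;AES256\n3132333435\n' > "$demo_dir/vault.yml"
printf 'db_password: constructed-plaintext\n'    > "$demo_dir/forgotten-vault.yml"
umask 077
printf 'constructed-vault-password\n'            > "$demo_dir/mypass.txt"
chmod 400 "$demo_dir/mypass.txt"

if check_vault_files "$demo_dir/vault.yml" "$demo_dir/forgotten-vault.yml"; then
    echo "all vault files are encrypted"
else
    echo "refusing: plaintext vault file present"
fi
if password_file_is_private "$demo_dir/mypass.txt"; then
    echo "password file permissions OK"
fi
rm -rf "$demo_dir"
```

Wire ``check_vault_files`` into a pre-commit hook over the staged ``*vault*.yml`` paths and the plaintext file never reaches version control; ``password_file_is_private`` is the check to run before passing a file to ``--vault-password-file``.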