GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  ANSIBLE-VAULT (1)

.ds Aq ’

NAME

ansible-vault - manage encrypted YAML data.

CONTENTS

SYNOPSIS

ansible-vault [create|decrypt|edit|encrypt|rekey] [--help] [options] file_name

DESCRIPTION

ansible-vault can encrypt any structured data file used by Ansible. This can include group_vars/ or host_vars/ inventory variables, variables loaded by include_vars or vars_files, or variable files passed on the ansible-playbook command line with -e @file.yml or -e @file.json. Role variables and defaults are also included!

Because Ansible tasks, handlers, and so on are also data, these can also be encrypted with vault. If you\(cqd like to not betray what variables you are even using, you can go as far to keep an individual task file entirely encrypted.

COMMON OPTIONS

The following options are available to all sub-commands:

--vault-password-file=FILE

A file containing the vault password to be used during the encryption/decryption steps. Be sure to keep this file secured if it is used.

-h, --help

Show a help message related to the given sub-command.

--debug

Enable debugging output for troubleshooting.

CREATE

$ ansible-vault create [options] FILE

The create sub-command is used to initialize a new encrypted file.

First you will be prompted for a password. The password used with vault currently must be the same for all files you wish to use together at the same time.

After providing a password, the tool will launch whatever editor you have defined with $EDITOR, and defaults to vim. Once you are done with the editor session, the file will be saved as encrypted data.

The default cipher is AES (which is shared-secret based).

EDIT

$ ansible-vault edit [options] FILE

The edit sub-command is used to modify a file which was previously encrypted using ansible-vault.

This command will decrypt the file to a temporary file and allow you to edit the file, saving it back when done and removing the temporary file.

REKEY

*$ ansible-vault rekey [options] FILE_1 [FILE_2, ..., FILE_N]

The rekey command is used to change the password on a vault-encrypted files. This command can update multiple files at once, and will prompt for both the old and new passwords before modifying any data.

ENCRYPT

*$ ansible-vault encrypt [options] FILE_1 [FILE_2, ..., FILE_N]

The encrypt sub-command is used to encrypt pre-existing data files. As with the rekey command, you can specify multiple files in one command.

DECRYPT

*$ ansible-vault decrypt [options] FILE_1 [FILE_2, ..., FILE_N]

The decrypt sub-command is used to remove all encryption from data files. The files will be stored as plain-text YAML once again, so be sure that you do not run this command on data files with active passwords or other sensitive data. In most cases, users will want to use the edit sub-command to modify the files securely.

AUTHOR

Ansible was originally written by Michael DeHaan. See the AUTHORS file for a complete list of contributors.

COPYRIGHT

Copyright © 2014, Michael DeHaan

Ansible is released under the terms of the GPLv3 License.

SEE ALSO

ansible(1), ansible-pull(1), ansible-doc(1)

Extensive documentation is available in the documentation site: http://docs.ansible.com. IRC and mailing list info can be found in file CONTRIBUTING.md, available in: https://github.com/ansible/ansible

Search for    or go to Top of page |  Section 1 |  Main Index


Ansible 1&.9&.0 ANSIBLE-VAULT (1) 03/10/2015

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.