1ANSIBLE-VAULT(1)        System administration commands        ANSIBLE-VAULT(1)
2
3
4

NAME

6       ansible-vault - encryption/decryption utility for Ansible data files
7

SYNOPSIS

9       ansible-vault   [create|decrypt|edit|encrypt|encrypt_string|rekey|view]
10       [options] [vaultfile.yml]
11

DESCRIPTION

13       can encrypt any structured data file used by Ansible.  This can include
14       group_vars/  or  host_vars/  inventory  variables,  variables loaded by
15       include_vars or vars_files, or variable files passed  on  the  ansible-
16       playbook  command  line with -e @file.yml or -e @file.json.  Role vari‐
17       ables and defaults are also included!
18
19       Because Ansible tasks, handlers, and other objects are data, these  can
20       also  be  encrypted with vault.  If you'd like to not expose what vari‐
21       ables you are using, you can keep  an  individual  task  file  entirely
22       encrypted.
23

COMMON OPTIONS

25       --ask-vault-pass
26          ask for vault password
27
28       --new-vault-id 'NEW_VAULT_ID'
29          the new vault identity to use for rekey
30
31       --new-vault-password-file
32          new vault password file for rekey
33
34       --vault-id
35          the vault identity to use
36
37       --vault-password-file
38          vault password file
39
40       --version
41          show program's version number, config file location, configured mod‐
42          ule search path, module location, executable location and exit
43
44       -h, --help
45          show this help message and exit
46
47       -v, --verbose
48          verbose mode (-vvv for more, -vvvv to enable connection debugging)
49

ACTIONS

51       encrypt
52              encrypt the supplied file using the provided vault secret
53
54              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
55                 the vault id used to encrypt (required if more than  vault-id
56                 is provided)
57
58              --output
59                 output file name for encrypt or decrypt; use - for stdout
60
61       rekey  re-encrypt a vaulted file with a new secret, the previous secret
62              is required
63
64              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
65                 the vault id used to encrypt (required if more than  vault-id
66                 is provided)
67
68       encrypt_string
69              encrypt the supplied string using the provided vault secret
70
71              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
72                 the  vault id used to encrypt (required if more than vault-id
73                 is provided)
74
75              --output
76                 output file name for encrypt or decrypt; use - for stdout
77
78              --stdin-name 'ENCRYPT_STRING_STDIN_NAME'
79                 Specify the variable name for stdin
80
81              -n,   --name
82                 Specify the variable name
83
84              -p,   --prompt
85                 Prompt for the string to encrypt
86
87       edit   open and decrypt an existing vaulted file  in  an  editor,  that
88              will be encrypted again when closed
89
90              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
91                 the  vault id used to encrypt (required if more than vault-id
92                 is provided)
93
94       create create and open a file in an editor that will be encrypted  with
95              the provided vault secret when closed
96
97              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
98                 the  vault id used to encrypt (required if more than vault-id
99                 is provided)
100
101       decrypt
102              decrypt the supplied file using the provided vault secret
103
104              --output
105                 output file name for encrypt or decrypt; use - for stdout
106
107       view   open, decrypt and view an existing vaulted file  using  a  pager
108              using the supplied vault secret
109

ENVIRONMENT

111       The following environment variables may be specified.
112
113       ANSIBLE_CONFIG -- Specify override location for the ansible config file
114
115       Many more are available for most options in ansible.cfg
116
117       For  a  full  list  check  https://docs.ansible.com/.  or use the ansi‐
118       ble-config command.
119

FILES

121       /etc/ansible/ansible.cfg -- Config file, used if present
122
123       ~/.ansible.cfg -- User config file, overrides  the  default  config  if
124       present
125
126       ./ansible.cfg  --  Local  config  file  (in  current working directory)
127       assumed to be 'project specific' and overrides the rest if present.
128
129       As mentioned above, the ANSIBLE_CONFIG environment variable will  over‐
130       ride all others.
131

AUTHOR

133       Ansible was originally written by Michael DeHaan.
134

COPYRIGHT

136       Copyright © 2018 Red Hat, Inc | Ansible.  Ansible is released under the
137       terms of the GPLv3 license.
138

SEE ALSO

140       ansible (1), ansible-config (1), ansible-console (1), ansible-doc  (1),
141       ansible-galaxy  (1), ansible-inventory (1), ansible-playbook (1), ansi‐
142       ble-pull (1),
143
144       Extensive documentation is available  in  the  documentation  site:  <‐
145       https://docs.ansible.com>.   IRC  and mailing list info can be found in
146       file         CONTRIBUTING.md,         available         in:          <‐
147       https://github.com/ansible/ansible>
148
149
150
151
152Ansible 2.8.1                                                 ANSIBLE-VAULT(1)