1ANSIBLE-VAULT(1)        System administration commands        ANSIBLE-VAULT(1)
2
3
4

NAME

6       ansible-vault - encryption/decryption utility for Ansible data files
7

SYNOPSIS

9       usage: ansible-vault [-h] [--version] [-v]
10              {create,decrypt,edit,view,encrypt,encrypt_string,rekey}
11

DESCRIPTION

13       can encrypt any structured data file used by Ansible.  This can include
14       group_vars/ or host_vars/  inventory  variables,  variables  loaded  by
15       include_vars  or  vars_files,  or  variable  files  passed on the ansi‐
16       ble-playbook command line with -e @file.yml  or  -e  @file.json.   Role
17       variables and defaults are also included!
18
19       Because  Ansible tasks, handlers, and other objects are data, these can
20       also be encrypted with vault.  If you'd like to not expose  what  vari‐
21       ables  you  are  using,  you  can keep an individual task file entirely
22       encrypted.
23

COMMON OPTIONS

25       --version
26          show program's version number, config file location, configured mod‐
27          ule search path, module location, executable location and exit
28
29       -h, --help
30          show this help message and exit
31
32       -v, --verbose
33          verbose mode (-vvv for more, -vvvv to enable connection debugging)
34

ACTIONS

36       create create  and open a file in an editor that will be encrypted with
37              the provided vault secret when closed
38
39              --ask-vault-pass
40                 ask for vault password
41
42              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
43                 the vault id used to encrypt (required if more than  vault-id
44                 is provided)
45
46              --vault-id
47                 the vault identity to use
48
49              --vault-password-file
50                 vault password file
51
52       decrypt
53              decrypt the supplied file using the provided vault secret
54
55              --ask-vault-pass
56                 ask for vault password
57
58              --output 'OUTPUT_FILE'
59                 output file name for encrypt or decrypt; use - for stdout
60
61              --vault-id
62                 the vault identity to use
63
64              --vault-password-file
65                 vault password file
66
67       edit   open  and  decrypt  an  existing vaulted file in an editor, that
68              will be encrypted again when closed
69
70              --ask-vault-pass
71                 ask for vault password
72
73              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
74                 the vault id used to encrypt (required if more than  vault-id
75                 is provided)
76
77              --vault-id
78                 the vault identity to use
79
80              --vault-password-file
81                 vault password file
82
83       view   open,  decrypt  and  view an existing vaulted file using a pager
84              using the supplied vault secret
85
86              --ask-vault-pass
87                 ask for vault password
88
89              --vault-id
90                 the vault identity to use
91
92              --vault-password-file
93                 vault password file
94
95       encrypt
96              encrypt the supplied file using the provided vault secret
97
98              --ask-vault-pass
99                 ask for vault password
100
101              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
102                 the vault id used to encrypt (required if more than  vault-id
103                 is provided)
104
105              --output 'OUTPUT_FILE'
106                 output file name for encrypt or decrypt; use - for stdout
107
108              --vault-id
109                 the vault identity to use
110
111              --vault-password-file
112                 vault password file
113
114       encrypt_string
115              encrypt the supplied string using the provided vault secret
116
117              --ask-vault-pass
118                 ask for vault password
119
120              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
121                 the  vault id used to encrypt (required if more than vault-id
122                 is provided)
123
124              --output 'OUTPUT_FILE'
125                 output file name for encrypt or decrypt; use - for stdout
126
127              --stdin-name 'ENCRYPT_STRING_STDIN_NAME'
128                 Specify the variable name for stdin
129
130              --vault-id
131                 the vault identity to use
132
133              --vault-password-file
134                 vault password file
135
136              -n,   --name
137                 Specify the variable name
138
139              -p,   --prompt
140                 Prompt for the string to encrypt
141
142       rekey  re-encrypt a vaulted file with a new secret, the previous secret
143              is required
144
145              --ask-vault-pass
146                 ask for vault password
147
148              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
149                 the  vault id used to encrypt (required if more than vault-id
150                 is provided)
151
152              --new-vault-id 'NEW_VAULT_ID'
153                 the new vault identity to use for rekey
154
155              --new-vault-password-file 'NEW_VAULT_PASSWORD_FILE'
156                 new vault password file for rekey
157
158              --vault-id
159                 the vault identity to use
160
161              --vault-password-file
162                 vault password file
163

ENVIRONMENT

165       The following environment variables may be specified.
166
167       ANSIBLE_CONFIG -- Specify override location for the ansible config file
168
169       Many more are available for most options in ansible.cfg
170
171       For a full list  check  https://docs.ansible.com/.  or  use  the  ansi‐
172       ble-config command.
173

FILES

175       /etc/ansible/ansible.cfg -- Config file, used if present
176
177       ~/.ansible.cfg  --  User  config  file, overrides the default config if
178       present
179
180       ./ansible.cfg -- Local  config  file  (in  current  working  directory)
181       assumed to be 'project specific' and overrides the rest if present.
182
183       As  mentioned above, the ANSIBLE_CONFIG environment variable will over‐
184       ride all others.
185

AUTHOR

187       Ansible was originally written by Michael DeHaan.
188
190       Copyright © 2018 Red Hat, Inc | Ansible.  Ansible is released under the
191       terms of the GPLv3 license.
192

SEE ALSO

194       ansible  (1), ansible-config (1), ansible-console (1), ansible-doc (1),
195       ansible-galaxy (1), ansible-inventory (1), ansible-playbook (1),  ansi‐
196       ble-pull (1),
197
198       Extensive  documentation  is  available  in  the documentation site: <‐
199       https://docs.ansible.com>.  IRC and mailing list info can be  found  in
200       file          CONTRIBUTING.md,         available         in:         <‐
201       https://github.com/ansible/ansible>
202
203
204
205
206Ansible 2.9.18                                                ANSIBLE-VAULT(1)
Impressum