ansible-vault(1)

1ANSIBLE-VAULT(1)        System administration commands        ANSIBLE-VAULT(1)
2
3
4

NAME

6       ansible-vault - encryption/decryption utility for Ansible data files
7

SYNOPSIS

9       usage: ansible-vault [-h] [--version] [-v]
10              {create,decrypt,edit,view,encrypt,encrypt_string,rekey} ...
11

DESCRIPTION

13       can encrypt any structured data file used by Ansible.  This can include
14       group_vars/ or host_vars/ inventory variables, variables loaded by  in‐
15       clude_vars or vars_files, or variable files passed on the ansible-play‐
16       book command line with -e @file.yml or -e @file.json.   Role  variables
17       and defaults are also included!
18
19       Because  Ansible tasks, handlers, and other objects are data, these can
20       also be encrypted with vault.  If you'd like to not expose  what  vari‐
21       ables  you are using, you can keep an individual task file entirely en‐
22       crypted.
23

COMMON OPTIONS

25       --version
26          show program's version number, config file location, configured mod‐
27          ule search path, module location, executable location and exit
28
29       -h, --help
30          show this help message and exit
31
32       -v, --verbose
33          Causes Ansible to print more debug messages. Adding multiple -v will
34          increase the verbosity, the builtin plugins currently evaluate up to
35          -vvvvvv.  A  reasonable level to start is -vvv, connection debugging
36          might require -vvvv.
37

ACTIONS

39       create create and open a file in an editor that will be encrypted  with
40              the provided vault secret when closed
41
42              --ask-vault-password,   --ask-vault-pass
43                 ask for vault password
44
45              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
46                 the  vault  id  used  to  encrypt  (required if more than one
47                 vault-id is provided)
48
49              --vault-id
50                 the vault identity to use
51
52              --vault-password-file,   --vault-pass-file
53                 vault password file
54
55       decrypt
56              decrypt the supplied file using the provided vault secret
57
58              --ask-vault-password,   --ask-vault-pass
59                 ask for vault password
60
61              --output 'OUTPUT_FILE'
62                 output file name for encrypt or decrypt; use - for stdout
63
64              --vault-id
65                 the vault identity to use
66
67              --vault-password-file,   --vault-pass-file
68                 vault password file
69
70       edit   open and decrypt an existing vaulted file  in  an  editor,  that
71              will be encrypted again when closed
72
73              --ask-vault-password,   --ask-vault-pass
74                 ask for vault password
75
76              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
77                 the  vault  id  used  to  encrypt  (required if more than one
78                 vault-id is provided)
79
80              --vault-id
81                 the vault identity to use
82
83              --vault-password-file,   --vault-pass-file
84                 vault password file
85
86       view   open, decrypt and view an existing vaulted file  using  a  pager
87              using the supplied vault secret
88
89              --ask-vault-password,   --ask-vault-pass
90                 ask for vault password
91
92              --vault-id
93                 the vault identity to use
94
95              --vault-password-file,   --vault-pass-file
96                 vault password file
97
98       encrypt
99              encrypt the supplied file using the provided vault secret
100
101              --ask-vault-password,   --ask-vault-pass
102                 ask for vault password
103
104              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
105                 the  vault  id  used  to  encrypt  (required if more than one
106                 vault-id is provided)
107
108              --output 'OUTPUT_FILE'
109                 output file name for encrypt or decrypt; use - for stdout
110
111              --vault-id
112                 the vault identity to use
113
114              --vault-password-file,   --vault-pass-file
115                 vault password file
116
117       encrypt_string
118              encrypt the supplied string using the provided vault secret
119
120              --ask-vault-password,   --ask-vault-pass
121                 ask for vault password
122
123              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
124                 the vault id used to  encrypt  (required  if  more  than  one
125                 vault-id is provided)
126
127              --output 'OUTPUT_FILE'
128                 output file name for encrypt or decrypt; use - for stdout
129
130              --show-input
131                 Do not hide input when prompted for the string to encrypt
132
133              --stdin-name 'ENCRYPT_STRING_STDIN_NAME'
134                 Specify the variable name for stdin
135
136              --vault-id
137                 the vault identity to use
138
139              --vault-password-file,   --vault-pass-file
140                 vault password file
141
142              -n,   --name
143                 Specify the variable name
144
145              -p,   --prompt
146                 Prompt for the string to encrypt
147
148       rekey  re-encrypt a vaulted file with a new secret, the previous secret
149              is required
150
151              --ask-vault-password,   --ask-vault-pass
152                 ask for vault password
153
154              --encrypt-vault-id 'ENCRYPT_VAULT_ID'
155                 the vault id used to  encrypt  (required  if  more  than  one
156                 vault-id is provided)
157
158              --new-vault-id 'NEW_VAULT_ID'
159                 the new vault identity to use for rekey
160
161              --new-vault-password-file 'NEW_VAULT_PASSWORD_FILE'
162                 new vault password file for rekey
163
164              --vault-id
165                 the vault identity to use
166
167              --vault-password-file,   --vault-pass-file
168                 vault password file
169

ENVIRONMENT

171       The following environment variables may be specified.
172
173       ANSIBLE_CONFIG -- Specify override location for the ansible config file
174
175       Many more are available for most options in ansible.cfg
176
177       For  a  full  list  check  https://docs.ansible.com/.  or use the ansi‐
178       ble-config command.
179

FILES

181       /etc/ansible/ansible.cfg -- Config file, used if present
182
183       ~/.ansible.cfg -- User config file, overrides  the  default  config  if
184       present
185
186       ./ansible.cfg  --  Local config file (in current working directory) as‐
187       sumed to be 'project specific' and overrides the rest if present.
188
189       As mentioned above, the ANSIBLE_CONFIG environment variable will  over‐
190       ride all others.
191

AUTHOR

193       Ansible was originally written by Michael DeHaan.
194

COPYRIGHT

196       Copyright © 2018 Red Hat, Inc | Ansible.  Ansible is released under the
197       terms of the GPLv3 license.
198