
Ansible Vault

Ansible Vault is a feature that allows keeping secret data, such as server passwords and private keys, in encrypted files rather than as plain text in playbooks or roles.

Encrypting an existing playbook file

In this example we will see how to encrypt a plain-text playbook file so that its sensitive data is encrypted and a password is needed to decrypt it.

The command below prompts you for the password twice. Once that is done, your playbook file is encrypted.

[root@tecgeek ~]# ansible-vault encrypt /home/siddhesh/baseline/defaults/main.yml

> New Vault password: ********

> Confirm New Vault password: ********

> Encryption successful

[root@tecgeek ~]#

If you try to open this file directly in any editor, you will see something like this:

[root@tecgeek ~]# vim /home/siddhesh/baseline/defaults/main.yml










[root@tecgeek ~]#

Creating a new encrypted playbook file

To create a new encrypted file, you can use the create command.

[root@tecgeek ~]# ansible-vault create /home/siddhesh/baseline/defaults/tecgeek.yml

> New Vault password: ********

> Confirm New Vault password: ********

[root@tecgeek ~]#

Editing an already encrypted playbook file

To edit an already encrypted playbook file, you can use the edit command.

[root@tecgeek ~]# ansible-vault edit /home/siddhesh/baseline/defaults/tecgeek.yml

> Vault password: ********

[root@tecgeek ~]#

Decrypting an encrypted playbook file

You can decrypt a file to get it back to plaintext using the decrypt command.

[root@tecgeek ~]# ansible-vault decrypt /home/siddhesh/baseline/defaults/tecgeek.yml

> Vault password: ********

[root@tecgeek ~]#
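
Because decrypt leaves the file in plaintext on disk, it is worth checking that files you expect to be vaulted still begin with the $ANSIBLE_VAULT header. The shell check below is an added example, not part of the original post; the function names and the constructed sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm that files meant to be vaulted are encrypted on disk.
# A vault-encrypted file starts with a header line such as
#   $ANSIBLE_VAULT;1.1;AES256
# (format 1.2 appends a vault-id label as a fourth field).

# vault_status FILE -> prints "encrypted", "plaintext" or "missing"
vault_status() {
    [ -f "$1" ] || { echo "missing"; return 0; }
    header=''
    # Only the first line matters; an empty file leaves header empty.
    IFS= read -r header < "$1" || true
    case "$header" in
        '$ANSIBLE_VAULT;'[0-9].[0-9]';AES256'*) echo "encrypted" ;;
        *) echo "plaintext" ;;
    esac
}

# check_vaulted FILE... -> prints "STATUS PATH" for each file that is not
# encrypted; returns 1 if any such file exists, 0 otherwise.
check_vaulted() {
    rc=0
    for f in "$@"; do
        st=$(vault_status "$f")
        if [ "$st" != "encrypted" ]; then
            echo "$st $f"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on constructed sample files (placeholder payload, not real ciphertext).
demo=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '30313233343536373839' > "$demo/main.yml"
printf 'db_password: example\n' > "$demo/tecgeek.yml"   # as left by "decrypt"
check_vaulted "$demo/main.yml" "$demo/tecgeek.yml" || echo "unencrypted files found"
rm -rf "$demo"
```

Run check_vaulted on the paths that should be vaulted before committing or copying them; a non-zero return means at least one of them is readable as plain text or is missing.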
