NAME
ansible-vault - encryption/decryption utility for Ansible data filesSYNOPSIS
- usage: ansible-vault [-h] [--version] [-v]
- {create,decrypt,edit,view,encrypt,encrypt_string,rekey} ...
DESCRIPTION
can encrypt any structured data file used by Ansible. This can include group_vars/ or host_vars/ inventory variables, variables loaded by include_vars or vars_files, or variable files passed on the ansible-playbook command line with -e @file.yml or -e @file.json. Role variables and defaults are also included!COMMON OPTIONS
--versionshow program's version number, config file
location, configured module search path, module location, executable location
and exit
show this help message and exit
Causes Ansible to print more debug messages.
Adding multiple -v will increase the verbosity, the builtin plugins currently
evaluate up to -vvvvvv. A reasonable level to start is -vvv, connection
debugging might require -vvvv.
ACTIONS
- create
- create and open a file in an editor that will be encrypted with the provided vault secret when closed --ask-vault-password, --ask-vault-pass
ask for vault password
the vault id used to encrypt (required if more
than one vault-id is provided)
the vault identity to use
vault password file
- decrypt
- decrypt the supplied file using the provided vault secret --ask-vault-password, --ask-vault-pass
ask for vault password
output file name for encrypt or decrypt; use -
for stdout
the vault identity to use
vault password file
- edit
- open and decrypt an existing vaulted file in an editor, that will be encrypted again when closed --ask-vault-password, --ask-vault-pass
ask for vault password
the vault id used to encrypt (required if more
than one vault-id is provided)
the vault identity to use
vault password file
- view
- open, decrypt and view an existing vaulted file using a pager using the supplied vault secret --ask-vault-password, --ask-vault-pass
ask for vault password
the vault identity to use
vault password file
- encrypt
- encrypt the supplied file using the provided vault secret --ask-vault-password, --ask-vault-pass
ask for vault password
the vault id used to encrypt (required if more
than one vault-id is provided)
output file name for encrypt or decrypt; use -
for stdout
the vault identity to use
vault password file
- encrypt_string
- encrypt the supplied string using the provided vault secret --ask-vault-password, --ask-vault-pass
ask for vault password
the vault id used to encrypt (required if more
than one vault-id is provided)
output file name for encrypt or decrypt; use -
for stdout
Do not hide input when prompted for the string
to encrypt
Specify the variable name for stdin
the vault identity to use
vault password file
Specify the variable name
Prompt for the string to encrypt
- rekey
- re-encrypt a vaulted file with a new secret, the previous secret is required --ask-vault-password, --ask-vault-pass
ask for vault password
the vault id used to encrypt (required if more
than one vault-id is provided)
the new vault identity to use for rekey
new vault password file for rekey
the vault identity to use
vault password file
ENVIRONMENT
The following environment variables may be specified.FILES
/etc/ansible/ansible.cfg -- Config file, used if presentAUTHOR
Ansible was originally written by Michael DeHaan.COPYRIGHT
Copyright © 2018 Red Hat, Inc | Ansible. Ansible is released under the terms of the GPLv3 license.SEE ALSO
ansible (1), ansible-config (1), ansible-console (1), ansible-doc (1), ansible-galaxy (1), ansible-inventory (1), ansible-playbook (1), ansible-pull (1),| Ansible 2.14.3 |